Export limit exceeded: 352419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46123 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50990 | 1 Phpgurukul | 1 Online Marriage Registration System | 2025-03-27 | 6.1 Medium |
| A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter. | ||||
| CVE-2025-2650 | 1 Phpgurukul | 1 Medical Card Generation System | 2025-03-27 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-55059 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-03-27 | 6.1 Medium |
| A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php. | ||||
| CVE-2024-55056 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-03-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field. | ||||
| CVE-2024-38971 | 1 Vaethink | 1 Vaethink | 2025-03-27 | 5.4 Medium |
| vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. | ||||
| CVE-2024-37474 | 1 Automattic | 1 Newspack Ads | 2025-03-27 | 6.5 Medium |
| Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1. | ||||
| CVE-2024-0951 | 1 Shahaji9 | 1 Advanced Social Feeds Widget \& Shortcode | 2025-03-27 | 4.8 Medium |
| The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-4651 | 1 Justified Gallery Project | 1 Justified Gallery | 2025-03-27 | 5.4 Medium |
| The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | ||||
| CVE-2022-46934 | 1 Keking | 1 Kkfileview | 2025-03-27 | 6.1 Medium |
| kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | ||||
| CVE-2024-3548 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-03-27 | 6.1 Medium |
| The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-37680 | 2 Finesoft Project, Hangzhou Meisoft Information Technology | 2 Finesoft, Finesoft | 2025-03-27 | 6.3 Medium |
| Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl. | ||||
| CVE-2024-27278 | 1 Openpne | 1 Optimelineplugin | 2025-03-27 | 5.4 Medium |
| OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users. | ||||
| CVE-2024-25292 | 1 Martinbarker | 1 Rendertune | 2025-03-27 | 9.6 Critical |
| Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter. | ||||
| CVE-2024-22855 | 1 Itssglobal | 1 Imlog | 2025-03-27 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. | ||||
| CVE-2023-7115 | 1 Pagelayer | 1 Pagelayer | 2025-03-27 | 4.8 Medium |
| The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-23132 | 1 Selfwealth | 1 Selfwealth | 2025-03-27 | 7.5 High |
| Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. | ||||
| CVE-2023-23078 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | ||||
| CVE-2023-23077 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | ||||
| CVE-2023-23075 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-03-27 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | ||||
| CVE-2023-23074 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | ||||