Export limit exceeded: 352566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46134 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46134 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25823 | 1 Emlog | 1 Emlog | 2025-04-07 | 7.3 High |
| A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php. | ||||
| CVE-2025-25825 | 1 Emlog | 1 Emlog | 2025-04-07 | 7.1 High |
| A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section. | ||||
| CVE-2024-46226 | 1 Helpdeskz | 1 Helpdeskz | 2025-04-07 | 4.8 Medium |
| A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket. | ||||
| CVE-2024-50688 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 9.8 Critical |
| SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry. | ||||
| CVE-2024-57423 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-04-07 | 6.1 Medium |
| A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function. | ||||
| CVE-2023-0300 | 1 Opencollective | 1 Alf.io | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301. | ||||
| CVE-2023-0301 | 1 Opencollective | 1 Alf.io | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301. | ||||
| CVE-2023-0306 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2024-30979 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-04-07 | 5.9 Medium |
| Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php. | ||||
| CVE-2022-43718 | 1 Apache | 1 Superset | 2025-04-07 | 5.4 Medium |
| Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | ||||
| CVE-2023-0289 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master. | ||||
| CVE-2023-0308 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0309 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0310 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0312 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0313 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0314 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0323 | 1 Pimcore | 1 Pimcore | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. | ||||
| CVE-2024-51773 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | 4.8 Medium |
| A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session. | ||||
| CVE-2024-0902 | 1 Radykal | 1 Fancy Product Designer | 2025-04-07 | 4.3 Medium |
| The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||