Export limit exceeded: 46133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46133 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43857 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 5.4 Medium |
| Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. | ||||
| CVE-2023-1746 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0287 | 1 Favorites-web Project | 1 Favorites-web | 2025-04-04 | 3.5 Low |
| A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-34219 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-04 | 8.6 High |
| TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | ||||
| CVE-2024-11004 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-04-04 | 6.1 Medium |
| Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | ||||
| CVE-2024-34954 | 1 Code-projects | 1 Budget Management | 2025-04-04 | 6.1 Medium |
| Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter. | ||||
| CVE-2023-23019 | 2 Oretnom23, Sourcecodester | 2 Blog Site, Blog Site | 2025-04-04 | 5.4 Medium |
| Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function user_add.\ | ||||
| CVE-2022-43717 | 1 Apache | 1 Superset | 2025-04-04 | 5.4 Medium |
| Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | ||||
| CVE-2024-32409 | 1 Sem-cms | 1 Semcms | 2025-04-04 | 7.1 High |
| An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. | ||||
| CVE-2024-31857 | 1 Incsub | 1 Forminator | 2025-04-04 | 5.4 Medium |
| Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser. | ||||
| CVE-2023-20248 | 1 Cisco | 1 Telepresence Management Suite | 2025-04-04 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2024-9900 | 1 Mudler | 1 Localai | 2025-04-04 | 6.1 Medium |
| mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts in the context of the victim's browser, potentially compromising user sessions, stealing session cookies, redirecting users to malicious websites, or manipulating the DOM. | ||||
| CVE-2023-23491 | 1 Fullworksplugins | 1 Quick Event Manager | 2025-04-03 | 6.1 Medium |
| The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action. | ||||
| CVE-2023-22373 | 1 Contec | 1 Conprosys Hmi System | 2025-04-03 | 5.4 Medium |
| Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. | ||||
| CVE-2022-4650 | 1 Hasthemes | 1 Hashbar | 2025-04-03 | 5.4 Medium |
| The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | ||||
| CVE-2022-4235 | 1 Rushstreetinteractive | 1 Rushbet | 2025-04-03 | 5.4 Medium |
| RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives. | ||||
| CVE-2023-22594 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2025-04-03 | 4.6 Medium |
| IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. | ||||
| CVE-2022-46888 | 1 Nexusphp | 1 Nexusphp | 2025-04-03 | 6.1 Medium |
| Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. | ||||
| CVE-2024-57488 | 1 Code-projects | 1 Online Car Rental System | 2025-04-03 | 6.5 Medium |
| Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php. | ||||
| CVE-2025-25625 | 1 Fs | 2 S3150-8t2f, S3150-8t2f Firmware | 2025-04-03 | 5.4 Medium |
| A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d_118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on the device. Pages which then present the user name without encoding special characters will then cause the injected code to be parsed by the browsers of other users accessing the web interface. | ||||