Export limit exceeded: 352542 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46130 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46130 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25369 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-04-03 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter. | ||||
| CVE-2023-42308 | 1 Code-projects | 1 Exam Form Submission | 2025-04-03 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" Section. | ||||
| CVE-2024-24097 | 1 Code-projects | 1 Scholars Tracking System | 2025-04-03 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed. | ||||
| CVE-2024-12982 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2025-04-03 | 2.4 Low |
| A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-38110 | 1 Solarwinds | 1 Database Performance Analyzer | 2025-04-03 | 5.4 Medium |
| In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | ||||
| CVE-2023-1030 | 1 Online Boat Reservation System Project | 1 Online Boat Reservation System | 2025-04-03 | 3.5 Low |
| A vulnerability has been found in SourceCodester/code-projects Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-37798 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-04-03 | 5.9 Medium |
| Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field. | ||||
| CVE-2024-34796 | 1 Accessally | 1 Popupally | 2025-04-03 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. | ||||
| CVE-2025-27914 | 1 Zimbra | 1 Collaboration | 2025-04-02 | 5.4 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token and involves a crafted URL with manipulated query parameters that triggers XSS when accessed by a victim. | ||||
| CVE-2024-22880 | 1 Zadarma | 1 Zadarma | 2025-04-02 | 4.7 Medium |
| Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component. | ||||
| CVE-2024-57348 | 1 Pecanproject | 1 Pecan | 2025-04-02 | 6.1 Medium |
| Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters. | ||||
| CVE-2024-25876 | 1 Enhavo | 1 Enhavo | 2025-04-02 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | ||||
| CVE-2024-25875 | 1 Enhavo | 1 Enhavo | 2025-04-02 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. | ||||
| CVE-2024-25874 | 1 Enhavo | 1 Enhavo | 2025-04-02 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. | ||||
| CVE-2024-25974 | 1 Frentix | 1 Openolat | 2025-04-02 | 5.4 Medium |
| The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload. | ||||
| CVE-2024-10565 | 1 10web | 1 Slider | 2025-04-02 | 6.1 Medium |
| The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10105 | 1 Blueglass | 1 Jobs For Wordpress | 2025-04-02 | 5.9 Medium |
| The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-24027 | 1 Misp | 1 Misp | 2025-04-02 | 6.1 Medium |
| In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | ||||
| CVE-2023-24026 | 1 Misp-project | 1 Misp | 2025-04-02 | 6.1 Medium |
| In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. | ||||
| CVE-2022-41441 | 1 Reqlogic | 1 Reqlogic | 2025-04-02 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. | ||||