Export limit exceeded: 46124 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46124 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28680 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. | ||||
| CVE-2024-28683 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. | ||||
| CVE-2023-22578 | 1 Sequelizejs | 1 Sequelize | 2025-04-01 | 10 Critical |
| Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. | ||||
| CVE-2024-10515 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2025-03-31 | 3.5 Low |
| In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor | ||||
| CVE-2024-51209 | 1 Phpgurukul | 1 Client Management System | 2025-03-31 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page. | ||||
| CVE-2024-48807 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-03-31 | 5.4 Medium |
| Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. | ||||
| CVE-2024-46241 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2025-03-31 | 5.9 Medium |
| PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. | ||||
| CVE-2024-46470 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | 6.1 Medium |
| Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. | ||||
| CVE-2024-45528 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | 5.4 Medium |
| CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. | ||||
| CVE-2024-39659 | 1 Lesterchan | 1 Wp-postratings | 2025-03-31 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1. | ||||
| CVE-2021-39325 | 1 Optinmonster | 1 Optinmonster | 2025-03-31 | 6.1 Medium |
| The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0. | ||||
| CVE-2021-34650 | 1 Eideasy | 1 Eid Easy | 2025-03-31 | 5.4 Medium |
| The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6. | ||||
| CVE-2021-39337 | 1 Job-portal Project | 1 Job-portal | 2025-03-31 | 5.5 Medium |
| The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2021-39345 | 1 Cnrs | 1 Hal | 2025-03-31 | 5.5 Medium |
| The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2021-39338 | 1 Mybb Cross-poster Project | 1 Mybb Cross-poster | 2025-03-31 | 5.5 Medium |
| The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2021-39335 | 1 Wpgenious | 1 Wpgenius Job Listing | 2025-03-31 | 5.5 Medium |
| The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2021-39354 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-03-31 | 4.8 Medium |
| The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2. | ||||
| CVE-2024-46239 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | 5.9 Medium |
| Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. | ||||
| CVE-2024-46238 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | 5.9 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php | ||||
| CVE-2024-46236 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | 5.4 Medium |
| CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. | ||||