Export limit exceeded: 46111 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46111 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1240 | 1 Answer | 1 Answer | 2025-03-04 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-49574 | 1 Flexense | 1 Vx Search | 2025-03-04 | 7.1 High |
| A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads. | ||||
| CVE-2023-49573 | 1 Flexense | 1 Vx Search | 2025-03-04 | 7.1 High |
| A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads. | ||||
| CVE-2025-0555 | 1 Gitlab | 1 Gitlab | 2025-03-04 | 7.7 High |
| A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions. | ||||
| CVE-2023-1841 | 1 Honeywell | 2 Mpa2, Mpa2 Firmware | 2025-03-04 | 8.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versions correct the reported vulnerability. | ||||
| CVE-2024-2001 | 1 Agentejo | 1 Cockpit | 2025-03-04 | 5.5 Medium |
| A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded. | ||||
| CVE-2023-1315 | 1 Enhancesoft | 1 Osticket | 2025-03-03 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | ||||
| CVE-2023-1316 | 1 Enhancesoft | 1 Osticket | 2025-03-03 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | ||||
| CVE-2023-1319 | 1 Enhancesoft | 1 Osticket | 2025-03-03 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | ||||
| CVE-2024-57026 | 1 Tawk | 1 Tawk.to | 2025-03-03 | 6.1 Medium |
| TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) due to processing user input in a way that allows JavaScript execution. | ||||
| CVE-2023-27130 | 1 Typecho | 1 Typecho | 2025-03-03 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. | ||||
| CVE-2025-1169 | 1 Rems | 1 Image Compressor Tool | 2025-03-03 | 3.5 Low |
| A vulnerability was found in SourceCodester Image Compressor Tool 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /image-compressor/compressor.php. The manipulation of the argument image leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-2525 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-03-03 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/receipt.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2535 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-03-03 | 3.5 Low |
| A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2526 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-03-03 | 3.5 Low |
| A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/rooms.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2533 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-03-03 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256970 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2530 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-03-03 | 3.5 Low |
| A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/update-rooms.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2515 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-03-03 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file home.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1577 | 1 Code-projects | 1 Blood Bank System | 2025-03-03 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1170 | 1 Fabian | 1 Real Estate Property Management System | 2025-03-03 | 3.5 Low |
| A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/Category.php. The manipulation of the argument Desc leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||