Export limit exceeded: 46110 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46110 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2778 | 1 Campcodes | 1 Online Marriage Registration System | 2025-02-20 | 3.5 Low |
| A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257612. | ||||
| CVE-2024-4797 | 1 Campcodes | 1 Online Laundry Management System | 2025-02-20 | 3.5 Low |
| A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customer_name/username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263896. | ||||
| CVE-2024-28112 | 1 Peering-manager | 1 Peering Manager | 2025-02-20 | 6.1 Medium |
| Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-2832 | 1 Campcodes | 1 Online Shopping System | 2025-02-20 | 3.5 Low |
| A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752. | ||||
| CVE-2025-24012 | 1 Umbraco | 1 Umbraco Cms | 2025-02-20 | 4.6 Medium |
| Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch. | ||||
| CVE-2024-52295 | 1 Dataease | 1 Dataease | 2025-02-20 | 9.8 Critical |
| DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2. | ||||
| CVE-2024-13570 | 1 Unalignedcode | 1 Stray Random Quotes | 2025-02-20 | 6.1 Medium |
| The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13543 | 1 Amini7 | 1 Zarinpal Paid Download | 2025-02-20 | 6.1 Medium |
| The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-27242 | 1 Razormist | 1 Loan Management System | 2025-02-19 | 5.4 Medium |
| SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module. | ||||
| CVE-2022-38467 | 1 Crmperks | 1 Crm Perks Forms | 2025-02-19 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | ||||
| CVE-2022-47171 | 1 Ip Vault - Wp Firewall Project | 1 Ip Vault - Wp Firewall | 2025-02-19 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions. | ||||
| CVE-2022-34148 | 1 Jetbackup | 1 Jetbackup | 2025-02-19 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions. | ||||
| CVE-2022-45814 | 1 Wp Calendar Project | 1 Wp Calendar | 2025-02-19 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions. | ||||
| CVE-2023-25064 | 1 Wp Htpasswd Project | 1 Wp Htpasswd | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions. | ||||
| CVE-2023-22679 | 1 Wp Better Emails Project | 1 Wp Better Emails | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nicolas Lemoine WP Better Emails plugin <= 0.4 versions. | ||||
| CVE-2022-41831 | 1 Wp Glossary Project | 1 Wp Glossary | 2025-02-19 | 5.4 Medium |
| Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett WP Glossary plugin <= 3.1.2 versions. | ||||
| CVE-2023-22715 | 1 Wp-commentnavi Project | 1 Wp-commentnavi | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions. | ||||
| CVE-2023-23728 | 1 Winwar | 1 Wp Flipclock | 2025-02-19 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions. | ||||
| CVE-2023-23722 | 1 Winwar | 1 Wp Ebay Product Feeds | 2025-02-19 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions. | ||||
| CVE-2022-47145 | 1 Blockonomics | 1 Blockonomics | 2025-02-19 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions. | ||||