Search Results (46106 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24724 1 Sas 1 Web Administration Interface 2025-02-18 5.4 Medium
A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3.
CVE-2023-50167 1 Pega 1 Pega Platform 2025-02-18 5.4 Medium
Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content.
CVE-2020-19697 1 Ipandao 1 Editor.md 2025-02-14 6.1 Medium
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter.
CVE-2024-3086 1 Phpgurukul 1 Emergency Ambulance Hiring Portal 2025-02-14 4.3 Medium
A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679.
CVE-2024-3091 1 Phpgurukul 1 Emergency Ambulance Hiring Portal 2025-02-14 2.4 Low
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.
CVE-2024-3090 1 Phpgurukul 1 Emergency Ambulance Hiring Portal 2025-02-14 2.4 Low
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.
CVE-2024-3084 1 Phpgurukul 1 Emergency Ambulance Hiring Portal 2025-02-14 4.3 Medium
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability.
CVE-2022-47870 1 Red-gate 1 Sql Monitor 2025-02-14 6.1 Medium
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.
CVE-2021-39350 1 Foliovision 1 Fv Flowplayer Video Player 2025-02-14 6.1 Medium
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.
CVE-2020-20521 1 Kitesky 1 Kitecms 2025-02-14 6.1 Medium
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.
CVE-2020-19699 1 Kiftd Project 1 Kiftd 2025-02-14 6.1 Medium
Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page.
CVE-2020-19698 1 Ipandao 1 Editor.md 2025-02-14 6.1 Medium
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.
CVE-2021-38344 1 Brizy 1 Brizy-page Builder 2025-02-14 6.4 Medium
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
CVE-2021-38345 1 Brizy 1 Brizy-page Builder 2025-02-14 7.1 High
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.
CVE-2021-38346 1 Brizy 1 Brizy-page Builder 2025-02-14 8.8 High
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations.
CVE-2021-39334 1 Perceptionsystem 1 Job Board Vanila 2025-02-14 5.5 Medium
The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-39336 1 Wp-jobmanager 1 Job Manager 2025-02-14 5.5 Medium
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-39344 1 Kajoom 1 Kjm Admin Notices 2025-02-14 5.5 Medium
The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-39349 1 Author Bio Box Project 1 Author Bio Box 2025-02-14 5.5 Medium
The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-39355 1 Indeed-job-importer Project 1 Indeed-job-importer 2025-02-14 5.5 Medium
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.