Search Results (46029 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2071 | 1 Remyandrade | 1 Faq Management System | 2024-12-31 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question leads to cross site scripting. The attack may be launched remotely. VDB-255386 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-27087 | 1 Getkirby | 1 Kirby | 2024-12-31 | 4.6 Medium |
| Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1. | ||||
| CVE-2024-1749 | 1 Bdtask | 1 Bhojon | 2024-12-31 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254531. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-0010 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-30 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. | ||||
| CVE-2023-2819 | 1 Proofpoint | 1 Threat Response Auto Pull | 2024-12-30 | 4.3 Medium |
| A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code execution in an admin context. All versions prior to 5.10.0 are affected. | ||||
| CVE-2020-24723 | 1 Phpgurukul | 1 User Registration & Login And User Management System | 2024-12-27 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. | ||||
| CVE-2024-5444 | 1 Mark8barnes | 1 Bible Text | 2024-12-26 | 5.4 Medium |
| The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-43054 | 1 Ibm | 1 Engineering Test Management | 2024-12-23 | 6.4 Medium |
| IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267459. | ||||
| CVE-2024-1871 | 1 Razormist | 1 Employee Management System | 2024-12-23 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254694 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5273 | 1 Mayurik | 1 Best Courier Management System | 2024-12-23 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240886 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1159 | 1 Booking-wp-plugin | 1 Bookly | 2024-12-20 | 4 Medium |
| The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-26128 | 1 Basercms | 1 Basercms | 2024-12-20 | 5.4 Medium |
| baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability. | ||||
| CVE-2023-27584 | 2 Dragonflyoss, Linuxfoundation | 2 Dragonfly2, Dragonfly | 2024-12-20 | 9.8 Critical |
| Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-27126 | 1 Qnap | 1 Notes Station 3 | 2024-12-20 | 6.3 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later | ||||
| CVE-2024-27122 | 1 Qnap | 1 Notes Station 3 | 2024-12-20 | 6.3 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later | ||||
| CVE-2024-2146 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2024-12-20 | 3.5 Low |
| A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255499. | ||||
| CVE-2024-47528 | 1 Librenms | 1 Librenms | 2024-12-19 | 4.8 Medium |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the "admin" role can set a background for a custom map; this allows the upload of an SVG file that can contain an XSS payload which will trigger on load. This leads to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0. | ||||
| CVE-2024-49550 | 1 Adobe | 1 Connect | 2024-12-19 | 6.1 Medium |
| Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2024-47526 | 1 Librenms | 1 Librenms | 2024-12-19 | 3.5 Low |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh. | ||||
| CVE-2024-47524 | 1 Librenms | 1 Librenms | 2024-12-19 | 7.2 High |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create Device Groups. The application did not properly sanitize the user input in the Device Group name, so when a user views the details of the Device Group, any JavaScript code inside the name is triggered. This vulnerability is fixed in 24.9.0. | ||||