Export limit exceeded: 46123 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46123 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4822 | 1 Arox | 1 School Erp Pro\+responsive | 2025-10-23 | 6.5 Medium |
| Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session. | ||||
| CVE-2025-62598 | 1 Wegia | 1 Wegia | 2025-10-23 | 6.1 Medium |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1. | ||||
| CVE-2025-62414 | 1 Webkul | 1 Bagisto | 2025-10-22 | 6.9 Medium |
| Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature (in the admin panel) is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields. These payloads may later execute in the context of an admin’s browser or another user viewing the customer data, enabling session theft or admin-level actions. This vulnerability is fixed in 2.3.8. | ||||
| CVE-2025-62418 | 1 Webkul | 1 Bagisto | 2025-10-22 | 6.9 Medium |
| Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8. | ||||
| CVE-2025-60781 | 1 Iqbolshoh | 1 Php Education Management | 2025-10-22 | 6.1 Medium |
| PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter. | ||||
| CVE-2025-35060 | 1 Newforma | 2 Project Center, Project Center Server | 2025-10-22 | 5.5 Medium |
| Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent. | ||||
| CVE-2024-6380 | 2 3ds, Dassult | 2 3dexperience Enovia, Enovia Collaborative Industry Innovator | 2025-10-22 | 8.7 High |
| A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-12089 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-12090 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-12091 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-12092 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0596 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0598 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0599 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0600 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0601 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0826 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0828 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0829 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-0832 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||