Export limit exceeded: 46159 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46159 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59766 | 1 Andsoft | 1 E-tms | 2025-10-02 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LT.ASP'. | ||||
| CVE-2025-59765 | 1 Andsoft | 1 E-tms | 2025-10-02 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LF.ASP'. | ||||
| CVE-2025-10341 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x. | ||||
| CVE-2025-10342 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'. | ||||
| CVE-2025-10343 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the endpoint '/expenses/expense'. | ||||
| CVE-2025-10344 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'. | ||||
| CVE-2025-10345 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'. | ||||
| CVE-2025-10346 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledge_base/article'. | ||||
| CVE-2025-59746 | 1 Andsoft | 1 E-tms | 2025-10-02 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'm' parameter in '/lib/asp/alert.asp'. | ||||
| CVE-2025-59747 | 1 Andsoft | 1 E-tms | 2025-10-02 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in '/clt/resetPassword.asp'. | ||||
| CVE-2025-59748 | 1 Andsoft | 1 E-tms | 2025-10-02 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' and 'reset' parameters in '/clt/changepassword.asp'. | ||||
| CVE-2025-59749 | 1 Andsoft | 1 E-tms | 2025-10-02 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in '/clt/TRACK_REQUEST.ASP'. | ||||
| CVE-2025-11112 | 1 Phpgurukul | 1 Employee Record Management System | 2025-10-02 | 4.3 Medium |
| A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10271 | 2 10oa, Erjinzhi | 2 10oa, 10oa | 2025-10-02 | 4.3 Medium |
| A vulnerability was found in erjinzhi 10OA 1.0. This impacts an unknown function of the file /trial/mvc/finder. The manipulation of the argument Name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10272 | 2 10oa, Erjinzhi | 2 10oa, 10oa | 2025-10-02 | 4.3 Medium |
| A vulnerability was determined in erjinzhi 10OA 1.0. Affected is an unknown function of the file /trial/mvc/catalogue. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10274 | 2 10oa, Erjinzhi | 2 10oa, 10oa | 2025-10-02 | 4.3 Medium |
| A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-43484 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | 6.1 Medium |
| A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update. | ||||
| CVE-2025-43486 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | 4.8 Medium |
| A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update. | ||||
| CVE-2025-43488 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | 4.8 Medium |
| A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update. | ||||
| CVE-2024-41911 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | 5.4 Medium |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation. | ||||