Search Results (47130 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-13019 1 Code-projects 1 Chat System 2025-04-03 3.5 Low
A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely.
CVE-2023-22910 1 Mediawiki 1 Mediawiki 2025-04-03 5.4 Medium
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability.
CVE-2022-45558 2 Apple, Left Project 2 Macos, Left 2025-04-03 6.1 Medium
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag.
CVE-2022-45557 2 Apple, Left Project 2 Macos, Left 2025-04-03 6.1 Medium
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names.
CVE-2022-45542 1 Eyoucms 1 Eyoucms 2025-04-03 5.4 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
CVE-2022-45541 1 Eyoucms 1 Eyoucms 2025-04-03 6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
CVE-2022-45540 1 Eyoucms 1 Eyoucms 2025-04-03 6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char.
CVE-2022-45539 1 Eyoucms 1 Eyoucms 2025-04-03 6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.
CVE-2022-45538 1 Eyoucms 1 Eyoucms 2025-04-03 6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".
CVE-2022-45537 1 Eyoucms 1 Eyoucms 2025-04-03 6.1 Medium
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".
CVE-2024-35396 1 Totolink 3 Cp900, Cp900l, Cp900l Firmware 2025-04-03 9.8 Critical
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
CVE-2024-32327 1 Totolink 2 N300rt, N300rt Firmware 2025-04-03 5.5 Medium
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page.
CVE-2024-32332 1 Totolink 2 N300rt, N300rt Firmware 2025-04-03 6.1 Medium
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page.
CVE-2024-32333 1 Totolink 2 N300rt, N300rt Firmware 2025-04-03 4.3 Medium
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.
CVE-2024-32334 1 Totolink 2 N300rt, N300rt Firmware 2025-04-03 6.5 Medium
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.
CVE-2024-32335 1 Totolink 2 N300rt, N300rt Firmware 2025-04-03 5.4 Medium
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page.
CVE-2024-31065 2 Munyweki, Sourcecodester 2 Insurance Management System, Insurance Management System 2025-04-03 6.1 Medium
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field.
CVE-2024-31064 1 Munyweki 1 Insurance Management System 2025-04-03 6.1 Medium
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.
CVE-2024-31063 1 Munyweki 1 Insurance Management System 2025-04-03 6.4 Medium
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field.
CVE-2023-23024 1 Book Store Management System Project 1 Book Store Management System 2025-04-03 6.1 Medium
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter.