Search Results (47126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46087 1 Cloudschool Project 1 Cloudschool 2025-03-28 5.4 Medium
CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.
CVE-2024-27625 1 Cmsmadesimple 1 Cms Made Simple 2025-03-28 4.8 Medium
CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.
CVE-2023-0566 1 Froxlor 1 Froxlor 2025-03-28 6.2 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.
CVE-2023-0549 1 Yetanotherforum 1 Yaf.net 2025-03-28 3.5 Low
A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability.
CVE-2023-49977 1 Oretnom23 1 Customer Support System 2025-03-28 5.4 Medium
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.
CVE-2023-49976 1 Oretnom23 1 Customer Support System 2025-03-28 5.4 Medium
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.
CVE-2023-49974 2 Oretnom23, Sourcecodester 2 Customer Support System, Customer Support System 2025-03-28 6.1 Medium
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list.
CVE-2023-51281 2 Oretnom23, Sourcecodester 2 Customer Support System, Customer Support System 2025-03-28 5.4 Medium
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.
CVE-2024-27743 2 Mayurik, Petroleum Management Software Application Project 2 Petrol Pump Management, Petroleum Management Software Application 2025-03-28 6.1 Medium
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.
CVE-2024-27744 1 Mayurik 1 Petrol Pump Management 2025-03-28 6.1 Medium
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
CVE-2025-0281 1 Lunary 1 Lunary 2025-03-28 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/lunary versions 1.6.7 and earlier. An attacker can inject malicious JavaScript into the SAML IdP XML metadata, which is used to generate the SAML login redirect URL. This URL is then set as the value of `window.location.href` without proper validation or sanitization. This vulnerability allows the attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions. The issue is fixed in version 1.7.10.
CVE-2024-29419 1 Totolink 2 X2000r, X2000r Firmware 2025-03-27 5.4 Medium
There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013.
CVE-2024-28156 1 Jenkins 1 Build Monitor View 2025-03-27 5.4 Medium
Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.
CVE-2024-24389 1 Xunruicms 1 Xunruicms 2025-03-27 6.1 Medium
A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.
CVE-2024-24276 1 Teamwire 1 Teamwire 2025-03-27 9.6 Critical
Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components.
CVE-2024-24275 2 Microsoft, Teamwire 2 Windows, Teamwire 2025-03-27 9.6 Critical
Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function.
CVE-2023-23021 1 Oretnom23 1 Pos - Point Of Sale System 2025-03-27 6.1 Medium
Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php.
CVE-2022-4793 1 Solwininfotech 1 Blog Designer 2025-03-27 6.8 Medium
The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CVE-2022-43978 1 Pandorafms 1 Pandora Fms 2025-03-27 5.6 Medium
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check.
CVE-2022-43980 1 Pandorafms 1 Pandora Fms 2025-03-27 5.2 Medium
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an atacker to steal the value of the admin user“s cookie.