Export limit exceeded: 46001 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46001 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39320 | 1 Underconstruction Project | 1 Underconstruction | 2025-05-05 | 6.1 Medium |
| The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path. | ||||
| CVE-2021-39322 | 1 Cybernetikz | 1 Easy Social Icons | 2025-05-05 | 6.1 Medium |
| The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path. | ||||
| CVE-2021-38318 | 1 3d Cover Carousel Project | 1 3d Cover Carousel | 2025-05-05 | 6.1 Medium |
| The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | ||||
| CVE-2021-38322 | 1 Twitter Friends Widget Project | 1 Twitter Friends Widget | 2025-05-05 | 6.1 Medium |
| The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1. | ||||
| CVE-2021-38325 | 1 User-activation-email Project | 1 User-activation-email | 2025-05-05 | 6.1 Medium |
| The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0. | ||||
| CVE-2021-38323 | 1 30lines | 1 Rentpress | 2025-05-05 | 6.1 Medium |
| The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4. | ||||
| CVE-2021-36206 | 1 Johnsoncontrols | 1 Cevas | 2025-05-05 | 10 Critical |
| All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. | ||||
| CVE-2022-42753 | 1 Salonerp Project | 1 Salonerp | 2025-05-05 | 6.1 Medium |
| SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | ||||
| CVE-2022-42750 | 1 Auieo | 1 Candidats | 2025-05-05 | 8.8 High |
| CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user. | ||||
| CVE-2022-42749 | 1 Auieo | 1 Candidats | 2025-05-05 | 6.1 Medium |
| CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | ||||
| CVE-2022-42748 | 1 Auieo | 1 Candidats | 2025-05-05 | 6.1 Medium |
| CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | ||||
| CVE-2022-42747 | 1 Auieo | 1 Candidats | 2025-05-05 | 6.1 Medium |
| CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | ||||
| CVE-2022-42746 | 1 Auieo | 1 Candidats | 2025-05-05 | 6.1 Medium |
| CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | ||||
| CVE-2022-41435 | 1 Openwrt | 1 Luci | 2025-05-05 | 5.4 Medium |
| OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments. | ||||
| CVE-2022-30615 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-05 | 5.4 Medium |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592. | ||||
| CVE-2024-50053 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcentre Plus | 2025-05-05 | 6.3 Medium |
| Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. | ||||
| CVE-2022-43372 | 1 Emlog | 1 Emlog | 2025-05-05 | 4.8 Medium |
| Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. | ||||
| CVE-2024-21395 | 1 Microsoft | 1 Dynamics 365 | 2025-05-03 | 8.2 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2024-21328 | 1 Microsoft | 1 Dynamics 365 | 2025-05-03 | 7.6 High |
| Dynamics 365 Sales Spoofing Vulnerability | ||||
| CVE-2024-20679 | 1 Microsoft | 1 Azure Stack Hub | 2025-05-03 | 6.5 Medium |
| Azure Stack Hub Spoofing Vulnerability | ||||