Search Results (46005 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38355 | 1 Bug Library Project | 1 Bug Library | 2025-05-02 | 6.1 Medium |
| The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3. | ||||
| CVE-2022-39017 | 1 M-files | 1 Hubshare | 2025-05-02 | 8.2 High |
| Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. | ||||
| CVE-2021-38347 | 1 Custom Website Data Project | 1 Custom Website Data | 2025-05-02 | 6.1 Medium |
| The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2. | ||||
| CVE-2021-38339 | 1 Devondev | 1 Simple Matted Thumbnails | 2025-05-02 | 6.1 Medium |
| The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01. | ||||
| CVE-2021-38327 | 1 Ueberhamm-design | 1 Youtube Video Inserter | 2025-05-02 | 6.1 Medium |
| The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0. | ||||
| CVE-2021-38354 | 1 Gnu-mailman Integration Project | 1 Gnu-mailman Integration | 2025-05-02 | 6.1 Medium |
| The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. | ||||
| CVE-2021-38359 | 1 Invitebox | 1 Invitebox | 2025-05-02 | 6.1 Medium |
| The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1. | ||||
| CVE-2021-38358 | 1 Kibokolabs | 1 Moolamojo | 2025-05-02 | 6.1 Medium |
| The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. | ||||
| CVE-2021-38357 | 1 Elyazalee | 1 Sms-ovh | 2025-05-02 | 6.1 Medium |
| The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1. | ||||
| CVE-2024-27684 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-05-02 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2022-44724 | 1 Stiltsoft | 1 Handy Macros For Confluence | 2025-05-02 | 8.9 High |
| The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-3721 | 1 Froxlor | 1 Froxlor | 2025-05-02 | 4.6 Medium |
| Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. | ||||
| CVE-2022-37710 | 1 Pattersondental | 1 Eaglesoft | 2025-05-02 | 7.8 High |
| Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file. | ||||
| CVE-2022-2904 | 1 Gitlab | 1 Gitlab | 2025-05-02 | 7.3 High |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||
| CVE-2021-39473 | 1 Hotelmanager Project | 1 Hotelmanager | 2025-05-02 | 5.4 Medium |
| Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. | ||||
| CVE-2022-27894 | 1 Palantir | 1 Foundry Blobster | 2025-05-02 | 4.8 Medium |
| The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0. | ||||
| CVE-2022-3765 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-05-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | ||||
| CVE-2024-5032 | 1 Toolstack | 1 Sully | 2025-05-02 | 4.7 Medium |
| The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-5074 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-02 | 5.4 Medium |
| The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2022-3462 | 1 Highlight Focus Project | 1 Highlight Focus | 2025-05-01 | 4.8 Medium |
| The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||