Export limit exceeded: 46006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46006 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55279 | 1 Uguu | 1 Uguu | 2025-04-29 | 6 Medium |
| Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files. | ||||
| CVE-2022-3895 | 1 Hallowelt | 2 Bluespice, Common User Interface | 2025-04-29 | 4 Medium |
| Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). | ||||
| CVE-2024-11503 | 1 Shapedplugin | 1 Wp Tabs | 2025-04-29 | 6.1 Medium |
| The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12769 | 1 Simple Banner Project | 1 Simple Banner | 2025-04-29 | 3.5 Low |
| The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13863 | 1 Wppluginbox | 1 Stylish Google Sheet Reader | 2025-04-29 | 7.1 High |
| The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-25916 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | 5.4 Medium |
| wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. | ||||
| CVE-2022-45015 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. | ||||
| CVE-2022-45014 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. | ||||
| CVE-2022-45013 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. | ||||
| CVE-2022-45012 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. | ||||
| CVE-2022-44787 | 1 Maggioli | 1 Appalti \& Contratti | 2025-04-29 | 6.1 Medium |
| An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized. | ||||
| CVE-2022-43142 | 1 Password Storage Application Project | 1 Password Storage Application | 2025-04-29 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | ||||
| CVE-2022-36180 | 1 Fusiondirectory | 1 Fusiondirectory | 2025-04-29 | 9.6 Critical |
| Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. | ||||
| CVE-2022-42001 | 1 Hallowelt | 1 Bluespice | 2025-04-29 | 3.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. | ||||
| CVE-2022-43708 | 1 Mybb | 1 Mybb | 2025-04-29 | 6.1 Medium |
| MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name | ||||
| CVE-2022-43707 | 1 Mybb | 1 Mybb | 2025-04-29 | 6.1 Medium |
| MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data | ||||
| CVE-2022-43332 | 1 Wondercms | 1 Wondercms | 2025-04-29 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | ||||
| CVE-2022-42097 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | ||||
| CVE-2022-42094 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | ||||
| CVE-2022-41445 | 1 Teacher Record Management System Project | 1 Teacher Record Management System | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. | ||||