Search Results (46007 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41445 | 1 Teacher Record Management System Project | 1 Teacher Record Management System | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. | ||||
| CVE-2021-37936 | 1 Elastic | 1 Kibana | 2025-04-29 | 5.4 Medium |
| It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an Elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. | ||||
| CVE-2022-42786 | 1 Wut | 34 At-modem-emulator, At-modem-emulator Firmware, Com-server 20ma and 31 more | 2025-04-29 | 5.4 Medium |
| Multiple W&T products of the ComServer Series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage. | ||||
| CVE-2024-13884 | 1 Rivercitygraphix | 1 Limit Bio | 2025-04-29 | 7.1 High |
| The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-13885 | 1 Webtechglobal | 1 Wp E-customers Beta | 2025-04-29 | 7.1 High |
| The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13891 | 1 Scheduler | 1 Schedule | 2025-04-29 | 7.1 High |
| The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-1401 | 1 S-a | 1 Wp Click Info | 2025-04-29 | 7.1 High |
| The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2022-45225 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-29 | 6.1 Medium |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. | ||||
| CVE-2022-45017 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. | ||||
| CVE-2022-45016 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. | ||||
| CVE-2022-43709 | 1 Mybb | 1 Mybb | 2025-04-29 | 4.9 Medium |
| MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings. | ||||
| CVE-2022-38390 | 1 Ibm | 1 Business Automation Workflow | 2025-04-29 | 5.4 Medium |
| Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. | ||||
| CVE-2025-3130 | 1 Drupal | 1 Obfuscate | 2025-04-29 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.1. | ||||
| CVE-2022-42989 | 1 Sankhya | 1 Sankhya Om | 2025-04-29 | 9 Critical |
| ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. | ||||
| CVE-2022-38724 | 1 Silverstripe | 3 Asset Admin, Assets, Framework | 2025-04-29 | 5.4 Medium |
| Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | ||||
| CVE-2022-38462 | 1 Silverstripe | 1 Framework | 2025-04-29 | 6.1 Medium |
| Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | ||||
| CVE-2022-35501 | 1 Amasty | 1 Blog Pro | 2025-04-28 | 5.4 Medium |
| Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. | ||||
| CVE-2022-35500 | 1 Amasty | 1 Blog Pro | 2025-04-28 | 5.4 Medium |
| Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. | ||||
| CVE-2022-42000 | 1 Hallowelt | 1 Bluespice | 2025-04-28 | 3.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. | ||||
| CVE-2022-4067 | 1 Librenms | 1 Librenms | 2025-04-28 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | ||||