Search Results (46009 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40602 | 1 Zyxel | 2 Lte3301-m209, Lte3301-m209 Firmware | 2025-04-28 | 9.8 Critical |
| A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. | ||||
| CVE-2024-25837 | 1 Octobercms | 1 October | 2025-04-28 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section. | ||||
| CVE-2023-52048 | 1 Ruoyi | 1 Ruoyi | 2025-04-28 | 4.7 Medium |
| RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/. | ||||
| CVE-2022-42985 | 1 Scratch-wiki | 1 Scratch Login | 2025-04-25 | 4.8 Medium |
| The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). | ||||
| CVE-2022-38147 | 1 Silverstripe | 1 Framework | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | ||||
| CVE-2022-38145 | 1 Silverstripe | 1 Framework | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a JavaScript payload to a page's meta description and getting it executed in the versioned history compare view. | ||||
| CVE-2022-37430 | 1 Silverstripe | 1 Framework | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/framework through 4.11 allows XSS via the href attribute of a link (issue 2 of 2). | ||||
| CVE-2022-37429 | 1 Silverstripe | 1 Framework | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. | ||||
| CVE-2022-37421 | 1 Silverstripe | 1 Silverstripe | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/cms through 4.11.0 allows XSS. | ||||
| CVE-2023-49034 | 1 Projeqtor | 1 Projeqtor | 2025-04-25 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files. | ||||
| CVE-2023-46967 | 1 Enhancesoft | 1 Osticket | 2025-04-25 | 6.1 Medium |
| Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket. | ||||
| CVE-2022-3516 | 1 Librenms | 1 Librenms | 2025-04-25 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | ||||
| CVE-2022-38114 | 1 Solarwinds | 1 Security Event Manager | 2025-04-25 | 6.1 Medium |
| This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | ||||
| CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2025-04-25 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2022-45221 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-04-25 | 4.8 Medium |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter. | ||||
| CVE-2022-45214 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. | ||||
| CVE-2022-45151 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | 5.4 Medium |
| A stored XSS vulnerability was discovered in Moodle; it exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. | ||||
| CVE-2022-45150 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | 6.1 Medium |
| A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in the policy tool. An attacker can trick the victim into opening a specially crafted link that executes arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access to potentially sensitive information and modify web pages. | ||||
| CVE-2022-44284 | 1 Dinstar | 2 Dag2000-16o, Dag2000-16o Firmware | 2025-04-25 | 5.4 Medium |
| Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-3834 | 1 Google Forms Project | 1 Google Forms | 2025-04-25 | 4.8 Medium |
| The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||