Search Results (46011 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1949 | 1 Zzcms | 1 Zzcms | 2025-04-23 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-40259 | 1 Ami | 1 Megarac Sp-x | 2025-04-23 | 8.3 High |
| MegaRAC Default Credentials Vulnerability | ||||
| CVE-2025-3252 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | 3.5 Low |
| A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-37859 | 2 Oretnom23, Sourcecodester | 2 Lost And Found Information System, Lost And Found Information System | 2025-04-23 | 6.1 Medium |
| Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. | ||||
| CVE-2025-3253 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | 3.5 Low |
| A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-24050 | 1 Remyandrade | 1 Workout Journal App | 2025-04-23 | 4.7 Medium |
| Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php. | ||||
| CVE-2022-32967 | 1 Realtek | 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more | 2025-04-23 | 2.1 Low |
| RTL8111EP-CG/RTL8111FP-CG DASH function has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information such as serial number and server information. | ||||
| CVE-2022-45758 | 1 Sens Project | 1 Sens | 2025-04-23 | 5.4 Medium |
| SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister. | ||||
| CVE-2022-45008 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2025-04-23 | 4.8 Medium |
| Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module. | ||||
| CVE-2022-44637 | 1 Redmine | 1 Redmine | 2025-04-23 | 6.1 Medium |
| Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user. | ||||
| CVE-2022-43668 | 1 Typora | 1 Typora | 2025-04-23 | 6.1 Medium |
| Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. | ||||
| CVE-2022-40242 | 1 Ami | 1 Megarac Sp-x | 2025-04-23 | 7.5 High |
| MegaRAC Default Credentials Vulnerability | ||||
| CVE-2024-46494 | 1 Typecho | 1 Typecho | 2025-04-23 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article. | ||||
| CVE-2024-29392 | 1 Silverpeas | 1 Silverpeas | 2025-04-23 | 5.4 Medium |
| Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController. | ||||
| CVE-2024-33102 | 1 Thinksaas | 1 Thinksaas | 2025-04-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. | ||||
| CVE-2024-33101 | 1 Thinksaas | 1 Thinksaas | 2025-04-23 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter. | ||||
| CVE-2024-33338 | 1 Jizhicms | 1 Jizhicms | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. | ||||
| CVE-2023-51254 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-04-23 | 6.1 Medium |
| Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. | ||||
| CVE-2024-46410 | 1 Publiccms | 1 Publiccms | 2025-04-23 | 4.8 Medium |
| PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Management feature. | ||||
| CVE-2022-44213 | 1 Zkteco | 1 Automatic Data Master Server | 2025-04-22 | 4.8 Medium |
| ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). | ||||