Export limit exceeded: 46017 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46017 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0447 | 1 Google | 1 Chrome | 2025-04-21 | 8.8 High |
| Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-0443 | 1 Google | 1 Chrome | 2025-04-21 | 8.8 High |
| Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2020-36607 | 1 Feehi | 1 Feehicms | 2025-04-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | ||||
| CVE-2020-20589 | 1 Feehi | 1 Feehicms | 2025-04-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | ||||
| CVE-2021-39428 | 1 Eyoucms | 1 Eyoucms | 2025-04-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | ||||
| CVE-2021-39427 | 1 Vtimecn | 1 188jianzhan | 2025-04-21 | 5.4 Medium |
| Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php. | ||||
| CVE-2021-36573 | 1 Feehi | 1 Feehicms | 2025-04-21 | 5.4 Medium |
| File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload. | ||||
| CVE-2021-36572 | 1 Feehi | 1 Feehicms | 2025-04-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page. | ||||
| CVE-2025-29015 | 1 Codeastro | 1 Internet Banking System | 2025-04-21 | 6.1 Medium |
| Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php. | ||||
| CVE-2022-40004 | 1 Thingsboard | 1 Thingsboard | 2025-04-21 | 9.6 Critical |
| Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log. | ||||
| CVE-2024-56409 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-21 | 5.4 Medium |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Currency.php` file. Using the `/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | ||||
| CVE-2024-12717 | 1 Aklamator | 1 Infeed | 2025-04-21 | 4.8 Medium |
| The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12731 | 1 Aklamator | 1 Infeed | 2025-04-21 | 6.1 Medium |
| The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-55341 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-04-21 | 4.7 Medium |
| A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload. | ||||
| CVE-2024-54774 | 1 Dcatadmin | 1 Dcat Admin | 2025-04-21 | 4.8 Medium |
| Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create. | ||||
| CVE-2024-56365 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-21 | 5.4 Medium |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the constructor of the `Downloader` class. Using the `/vendor/phpoffice/phpspreadsheet/samples/download.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | ||||
| CVE-2024-56366 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-21 | 5.4 Medium |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Accounting.php` file. Using the `/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | ||||
| CVE-2024-42195 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-21 | 3.1 Low |
| HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | ||||
| CVE-2022-40002 | 1 Feehi | 1 Feehicms | 2025-04-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify. | ||||
| CVE-2022-40001 | 1 Feehi | 1 Feehicms | 2025-04-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page. | ||||