Export limit exceeded: 46938 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46938 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4602 | 1 Shoplazza | 1 Lifestyle | 2025-04-15 | 3.5 Low |
| A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability. | ||||
| CVE-2022-3877 | 1 Clickstudios | 1 Passwordstate | 2025-04-15 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected is an unknown function of the component URL Field Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216246 is the identifier assigned to this vulnerability. | ||||
| CVE-2020-36621 | 1 Whatismyudid Project | 1 Whatismyudid | 2025-04-15 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is bb33d4325fba80e7ea68b79121dba025caf6f45f. It is recommended to apply a patch to fix this issue. VDB-216470 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-36416 | 1 Microsoft | 1 Dynamics 365 | 2025-04-14 | 6.1 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2022-29853 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | 5.4 Medium |
| OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. | ||||
| CVE-2022-29852 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | 5.4 Medium |
| OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. | ||||
| CVE-2021-30134 | 6 Ht Slider Range For Amazon Affiliates Project, Php Curl Class Project, Ptwooplugins and 3 more | 6 Ht Slider Range For Amazon Affiliates, Php Curl Class, Invoicing With Invoicexpress For Woocommerce and 3 more | 2025-04-14 | 6.1 Medium |
| php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. | ||||
| CVE-2022-4336 | 1 Bt | 1 Baota | 2025-04-14 | 5.4 Medium |
| In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature. | ||||
| CVE-2022-45892 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | 5.4 Medium |
| In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username. | ||||
| CVE-2022-45890 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | 6.1 Medium |
| In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter). | ||||
| CVE-2022-4105 | 1 Kiwitcms | 1 Kiwi Tcms | 2025-04-14 | 5.4 Medium |
| A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page. | ||||
| CVE-2022-4617 | 1 Microweber | 1 Microweber | 2025-04-14 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. | ||||
| CVE-2022-4615 | 1 Open-emr | 1 Openemr | 2025-04-14 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
| CVE-2022-4614 | 1 Znote | 1 Znote | 2025-04-14 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11. | ||||
| CVE-2022-4609 | 1 Usememos | 1 Memos | 2025-04-14 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2022-4605 | 1 Flatpress | 1 Flatpress | 2025-04-14 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | ||||
| CVE-2022-4503 | 1 Open-emr | 1 Openemr | 2025-04-14 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
| CVE-2022-4502 | 1 Open-emr | 1 Openemr | 2025-04-14 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
| CVE-2022-4414 | 1 Nuxt | 1 Framework | 2025-04-14 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | ||||
| CVE-2022-4413 | 1 Nuxt | 1 Framework | 2025-04-14 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | ||||