Export limit exceeded: 47277 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47277 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6792 | 2 Technowich, Wpulike | 2 Wp Ulike, Wp Ulike | 2025-04-11 | 3.5 Low |
| The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page. | ||||
| CVE-2024-7879 | 2 Technowich, Wpulike | 2 Wp Ulike, Wp Ulike | 2025-04-11 | 4.8 Medium |
| The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-10104 | 1 Blueglass | 1 Jobs For Wordpress | 2025-04-11 | 5.9 Medium |
| The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-31544 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-11 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record. | ||||
| CVE-2024-32337 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module. | ||||
| CVE-2024-32338 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module. | ||||
| CVE-2023-29508 | 1 Xwiki | 1 Xwiki | 2025-04-11 | 8.9 High |
| XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. | ||||
| CVE-2024-32339 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | ||||
| CVE-2024-32340 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 9.6 Critical |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module. | ||||
| CVE-2024-32341 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | ||||
| CVE-2024-32344 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | 6.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section. | ||||
| CVE-2024-32345 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | 7.2 High |
| A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section. | ||||
| CVE-2024-32743 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 5.5 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module. | ||||
| CVE-2024-32744 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module. | ||||
| CVE-2024-30879 | 1 Rageframe | 1 Rageframe | 2025-04-11 | 6.1 Medium |
| Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. | ||||
| CVE-2024-32745 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 5.9 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module. | ||||
| CVE-2024-30880 | 1 Rageframe | 1 Rageframe | 2025-04-11 | 5.4 Medium |
| Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function. | ||||
| CVE-2014-125027 | 1 Tbdev Project | 1 Tbdev | 2025-04-11 | 3.5 Low |
| A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The patch is named 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217147. | ||||
| CVE-2024-30883 | 1 Rageframe | 1 Rageframe | 2025-04-11 | 4.7 Medium |
| Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function. | ||||
| CVE-2020-36635 | 1 Openmrs | 1 Appointment Scheduling Module | 2025-04-11 | 3.5 Low |
| A vulnerability was found in OpenMRS Appointment Scheduling Module up to 1.12.x. It has been classified as problematic. This affects the function validateFieldName of the file api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.13.0 is able to address this issue. The name of the patch is 34213c3f6ea22df427573076fb62744694f601d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216915. | ||||