Export limit exceeded: 47277 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47277 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-6792 2 Technowich, Wpulike 2 Wp Ulike, Wp Ulike 2025-04-11 3.5 Low
The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.
CVE-2024-7879 2 Technowich, Wpulike 2 Wp Ulike, Wp Ulike 2025-04-11 4.8 Medium
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-10104 1 Blueglass 1 Jobs For Wordpress 2025-04-11 5.9 Medium
The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
CVE-2024-31544 1 Oretnom23 1 Computer Laboratory Management System 2025-04-11 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record.
CVE-2024-32337 1 Wondercms 1 Wondercms 2025-04-11 6.1 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.
CVE-2024-32338 1 Wondercms 1 Wondercms 2025-04-11 5.4 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.
CVE-2023-29508 1 Xwiki 1 Xwiki 2025-04-11 8.9 High
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.
CVE-2024-32339 1 Wondercms 1 Wondercms 2025-04-11 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVE-2024-32340 1 Wondercms 1 Wondercms 2025-04-11 9.6 Critical
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.
CVE-2024-32341 1 Wondercms 1 Wondercms 2025-04-11 5.4 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVE-2024-32344 1 Cmsimple 1 Cmsimple 2025-04-11 6.8 Medium
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.
CVE-2024-32345 1 Cmsimple 1 Cmsimple 2025-04-11 7.2 High
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.
CVE-2024-32743 1 Wondercms 1 Wondercms 2025-04-11 5.5 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.
CVE-2024-32744 1 Wondercms 1 Wondercms 2025-04-11 4.6 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.
CVE-2024-30879 1 Rageframe 1 Rageframe 2025-04-11 6.1 Medium
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.
CVE-2024-32745 1 Wondercms 1 Wondercms 2025-04-11 5.9 Medium
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.
CVE-2024-30880 1 Rageframe 1 Rageframe 2025-04-11 5.4 Medium
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function.
CVE-2014-125027 1 Tbdev Project 1 Tbdev 2025-04-11 3.5 Low
A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The patch is named 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217147.
CVE-2024-30883 1 Rageframe 1 Rageframe 2025-04-11 4.7 Medium
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function.
CVE-2020-36635 1 Openmrs 1 Appointment Scheduling Module 2025-04-11 3.5 Low
A vulnerability was found in OpenMRS Appointment Scheduling Module up to 1.12.x. It has been classified as problematic. This affects the function validateFieldName of the file api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.13.0 is able to address this issue. The name of the patch is 34213c3f6ea22df427573076fb62744694f601d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216915.