Export limit exceeded: 47132 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47132 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32369 | 1 Kentico | 1 Xperience | 2025-04-08 | 6.4 Medium |
| Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature. | ||||
| CVE-2025-3297 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-08 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-1712 | 1 Majeedraza | 1 Carousel Slider | 2025-04-08 | 4.7 Medium |
| The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3776 | 1 Netvision | 1 Airpass | 2025-04-08 | 6.1 Medium |
| The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks. | ||||
| CVE-2022-45729 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-04-08 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. | ||||
| CVE-2022-45728 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-04-08 | 6.1 Medium |
| Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-3573 | 2 Abb, Gitlab | 2 Drive Composer, Gitlab | 2025-04-08 | 5.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. | ||||
| CVE-2024-28404 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-08 | 8 High |
| TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | ||||
| CVE-2024-27703 | 1 Leantime | 1 Leantime | 2025-04-08 | 5.4 Medium |
| Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter. | ||||
| CVE-2024-27477 | 1 Leantime | 1 Leantime | 2025-04-08 | 6.1 Medium |
| In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks. | ||||
| CVE-2024-22718 | 1 Formtools | 1 Form Tools | 2025-04-08 | 9.6 Critical |
| Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL. | ||||
| CVE-2024-22717 | 1 Formtools | 1 Form Tools | 2025-04-08 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. | ||||
| CVE-2024-29220 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-08 | 6.1 Medium |
| Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. | ||||
| CVE-2024-26019 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-08 | 5.4 Medium |
| Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. | ||||
| CVE-2022-46622 | 1 Judging Management System Project | 1 Judging Management System | 2025-04-08 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | ||||
| CVE-2022-46503 | 1 Online Student Enrollment System Project | 1 Online Student Enrollment System | 2025-04-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter. | ||||
| CVE-2024-28402 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-08 | 5.9 Medium |
| TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | ||||
| CVE-2022-42967 | 1 Caret | 1 Caret | 2025-04-08 | 7.5 High |
| Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution. | ||||
| CVE-2022-47102 | 1 Phpgurukul | 1 Student Study Center Management System | 2025-04-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||
| CVE-2022-46438 | 1 Douco | 1 Douphp | 2025-04-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. | ||||