Export limit exceeded: 47132 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47132 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-32369 1 Kentico 1 Xperience 2025-04-08 6.4 Medium
Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature.
CVE-2025-3297 1 Oretnom23 1 Online Eyewear Shop 2025-04-08 3.5 Low
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-1712 1 Majeedraza 1 Carousel Slider 2025-04-08 4.7 Medium
The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-3776 1 Netvision 1 Airpass 2025-04-08 6.1 Medium
The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.
CVE-2022-45729 1 Phpgurukul 1 Doctor Appointment Management System 2025-04-08 6.1 Medium
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter.
CVE-2022-45728 1 Phpgurukul 1 Doctor Appointment Management System 2025-04-08 6.1 Medium
Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2022-3573 2 Abb, Gitlab 2 Drive Composer, Gitlab 2025-04-08 5.4 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.
CVE-2024-28404 1 Totolink 2 X2000r, X2000r Firmware 2025-04-08 8 High
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.
CVE-2024-27703 1 Leantime 1 Leantime 2025-04-08 5.4 Medium
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter.
CVE-2024-27477 1 Leantime 1 Leantime 2025-04-08 6.1 Medium
In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks.
CVE-2024-22718 1 Formtools 1 Form Tools 2025-04-08 9.6 Critical
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.
CVE-2024-22717 1 Formtools 1 Form Tools 2025-04-08 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application.
CVE-2024-29220 1 Ninjaforms 1 Ninja Forms 2025-04-08 6.1 Medium
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.
CVE-2024-26019 1 Ninjaforms 1 Ninja Forms 2025-04-08 5.4 Medium
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.
CVE-2022-46622 1 Judging Management System Project 1 Judging Management System 2025-04-08 6.1 Medium
A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.
CVE-2022-46503 1 Online Student Enrollment System Project 1 Online Student Enrollment System 2025-04-08 5.4 Medium
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.
CVE-2024-28402 1 Totolink 2 X2000r, X2000r Firmware 2025-04-08 5.9 Medium
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.
CVE-2022-42967 1 Caret 1 Caret 2025-04-08 7.5 High
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.
CVE-2022-47102 1 Phpgurukul 1 Student Study Center Management System 2025-04-08 5.4 Medium
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
CVE-2022-46438 1 Douco 1 Douphp 2025-04-08 5.4 Medium
A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.