Export limit exceeded: 47131 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47131 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55060 | 1 Rafed-system | 1 Rafed Cms Website | 2025-04-03 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-13019 | 1 Code-projects | 1 Chat System | 2025-04-03 | 3.5 Low |
| A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. | ||||
| CVE-2023-22910 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 5.4 Medium |
| An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability. | ||||
| CVE-2022-45558 | 2 Apple, Left Project | 2 Macos, Left | 2025-04-03 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag. | ||||
| CVE-2022-45557 | 2 Apple, Left Project | 2 Macos, Left | 2025-04-03 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names. | ||||
| CVE-2022-45542 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | 5.4 Medium |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | ||||
| CVE-2022-45541 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | 6.1 Medium |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | ||||
| CVE-2022-45540 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | 6.1 Medium |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | ||||
| CVE-2022-45539 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | 6.1 Medium |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file. | ||||
| CVE-2022-45538 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | 6.1 Medium |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL". | ||||
| CVE-2022-45537 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | 6.1 Medium |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL". | ||||
| CVE-2024-35396 | 1 Totolink | 3 Cp900, Cp900l, Cp900l Firmware | 2025-04-03 | 9.8 Critical |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | ||||
| CVE-2024-32327 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 5.5 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. | ||||
| CVE-2024-32332 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 6.1 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. | ||||
| CVE-2024-32333 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 4.3 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | ||||
| CVE-2024-32334 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 6.5 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | ||||
| CVE-2024-32335 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 5.4 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. | ||||
| CVE-2024-31065 | 2 Munyweki, Sourcecodester | 2 Insurance Management System, Insurance Management System | 2025-04-03 | 6.1 Medium |
| Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. | ||||
| CVE-2024-31064 | 1 Munyweki | 1 Insurance Management System | 2025-04-03 | 6.1 Medium |
| Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field. | ||||
| CVE-2024-31063 | 1 Munyweki | 1 Insurance Management System | 2025-04-03 | 6.4 Medium |
| Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field. | ||||