Export limit exceeded: 47051 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47051 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0949 1 Modoboa 1 Modoboa 2025-03-12 4.8 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.
CVE-2023-22972 1 Open-emr 1 Openemr 2025-03-12 5.4 Medium
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
CVE-2022-46785 1 Squaredup 1 Dashboard Server 2025-03-12 6.1 Medium
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2).
CVE-2022-46786 1 Squaredup 1 Dashboard Server 2025-03-12 5.4 Medium
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2).
CVE-2023-38121 1 Inductiveautomation 1 Ignition 2025-03-12 9.0 Critical
Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the id parameter provided to the Inductive Automation Ignition web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20355.
CVE-2023-0044 2 Quarkus, Redhat 3 Quarkus, Build Of Quarkus, Quarkus 2025-03-12 6.1 Medium
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
CVE-2023-26462 1 Thingsboard 1 Thingsboard 2025-03-12 8.1 High
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)
CVE-2024-2270 1 Keerti1924 1 Online Bookstore Website 2025-03-12 4.3 Medium
A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256040. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2274 1 Bdtask 1 G-prescription Gynaecology \& Obs Consultation 2025-03-12 2.4 Low
A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256043. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2275 1 Bdtask 1 G-prescription Gynaecology \& Obs Consultation 2025-03-12 2.4 Low
A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256044. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2276 1 Bdtask 1 G-prescription Gynaecology \& Obs Consultation 2025-03-12 2.4 Low
A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument Venue map leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256045 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2284 1 Boyiddha 1 Automated-mess-management-system 2025-03-12 3.5 Low
A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2285 1 Boyiddha 1 Automated-mess-management-system 2025-03-12 3.5 Low
A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-256052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2127 1 Joomlaux 1 Jux Real Estate 2025-03-11 4.3 Medium
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jp_yearbuilt leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2130 1 Openxe 1 Openxe 2025-03-11 3.5 Low
A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument Notizen leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2131 1 Xunruicms 1 Xunruicms 2025-03-11 2.4 Low
A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2133 1 Ftcms 1 Ftcms 2025-03-11 2.4 Low
A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-0469 1 Wpmudev 1 Forminator Forms 2025-03-11 6.4 Medium
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2022-48344 1 Jetbrains 1 Teamcity 2025-03-11 5.4 Medium
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
CVE-2023-26091 1 Frappant 1 Forms Export 2025-03-11 6.1 Medium
The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails.