Export limit exceeded: 346641 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45584 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45584 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0121 | 1 Hoppscotch | 1 Hoppscotch | 2026-02-24 | 8 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1. | ||||
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2026-02-24 | 7.6 High |
| A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads. | ||||
| CVE-2023-30860 | 1 Wwbn | 1 Avideo | 2026-02-24 | 8 High |
| WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue. | ||||
| CVE-2025-12303 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2026-02-24 | 2.4 Low |
| A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing a manipulation of the argument adminname/email can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-12230 | 1 Projectworlds | 1 Expense Management System | 2026-02-24 | 2.4 Low |
| A weakness has been identified in projectworlds Expense Management System 1.0. This impacts an unknown function of the file /public/admin/currencies/create of the component Currency Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-12229 | 1 Projectworlds | 1 Expense Management System | 2026-02-24 | 2.4 Low |
| A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-12227 | 1 Projectworlds | 1 Gate Pass Management System | 2026-02-24 | 3.5 Low |
| A vulnerability was determined in projectworlds Gate Pass Management System 1.0. The affected element is an unknown function of the file /add-pass.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-11663 | 1 Campcodes | 1 Online Beauty Parlor Management System | 2026-02-24 | 4.7 Medium |
| A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the argument sername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-15374 | 1 Eyoucms | 1 Eyoucms | 2026-02-24 | 3.5 Low |
| A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8". | ||||
| CVE-2025-15188 | 1 Campcodes | 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System | 2026-02-24 | 2.4 Low |
| A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-15144 | 1 Xunruicms | 1 Xunruicms | 2026-02-24 | 4.3 Medium |
| A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15094 | 1 Sunkaifei | 1 Flycms | 2026-02-24 | 4.3 Medium |
| A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2025-15093 | 1 Sunkaifei | 1 Flycms | 2026-02-24 | 4.3 Medium |
| A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument redirectUrl results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-13577 | 1 Phpgurukul | 1 Hostel Management System | 2026-02-24 | 3.5 Low |
| A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing a manipulation of the argument cdetails can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-13412 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2026-02-24 | 2.4 Low |
| A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. Executing a manipulation of the argument product_name can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-13181 | 2 H3blog, Pojoin | 2 H3blog, H3blog | 2026-02-24 | 3.5 Low |
| A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-13058 | 1 Extplorer | 1 Extplorer | 2026-02-24 | 3.5 Low |
| A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue. | ||||
| CVE-2025-11433 | 1 Itsourcecode | 1 Leave Management System | 2026-02-24 | 3.5 Low |
| A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-11390 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-02-24 | 4.3 Medium |
| A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php of the component POST Parameter Handler. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-11332 | 1 Cmseasy | 1 Cmseasy | 2026-02-24 | 3.5 Low |
| A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHP_SELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||