Search Results (45690 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53494 | 2 Mediawiki, Wmde-fisch | 2 Mediawiki, Twocolconflict | 2025-09-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - TwoColConflict Extension allows Stored XSS. This issue affects Mediawiki - TwoColConflict Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||
| CVE-2025-36056 | 1 Ibm | 7 3948-ved, 3948-ved Firmware, 3948-vef and 4 more | 2025-09-30 | 5.4 Medium |
| IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-2141 | 1 Ibm | 7 3948-ved, 3948-ved Firmware, 3948-vef and 4 more | 2025-09-30 | 6.1 Medium |
| IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-53500 | 2 Malvineous, Mediawiki | 2 Masseditregex, Mediawiki | 2025-09-30 | 5.6 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MassEditRegex Extension allows Stored XSS. This issue affects Mediawiki - MassEditRegex Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||
| CVE-2025-32999 | 1 Appleple | 1 A-blog Cms | 2025-09-30 | 5.4 Medium |
| Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product. | ||||
| CVE-2024-35591 | 1 Zoneland | 1 O2oa | 2025-09-30 | 5.4 Medium |
| An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2023-3144 | 1 Razormist | 1 Online Discussion Forum Site | 2025-09-30 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability. | ||||
| CVE-2023-3143 | 1 Razormist | 1 Online Discussion Forum Site | 2025-09-30 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012. | ||||
| CVE-2024-13080 | 1 Phpgurukul | 1 Land Record System | 2025-09-30 | 3.5 Low |
| A vulnerability was found in PHPGurukul Land Record System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/aboutus.php. The manipulation of the argument Page Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11078 | 2 Anisha, Code-projects | 2 Job Recruitment, Job Recruitment | 2025-09-30 | 3.5 Low |
| A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-2826 | 1 Class Scheduling System Project | 1 Class Scheduling System | 2025-09-30 | 3.5 Low |
| A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612. | ||||
| CVE-2023-3986 | 2 Oretnom23, Simple Online Mens Salon Management System Project | 2 Simple Online Men's Salon Management System, Simple Online Mens Salon Management System | 2025-09-30 | 2.4 Low |
| A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607. | ||||
| CVE-2024-31914 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2025-09-29 | 6.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-41610 | 1 Dlink | 2 Dir-820lw, Dir-820lw Firmware | 2025-09-29 | 9.8 Critical |
| D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. | ||||
| CVE-2024-45031 | 1 Apache | 1 Syncope | 2025-09-29 | 6.1 Medium |
| When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser when editing “Personal Information” or “User Requests”: such payloads would trigger for administrators in Syncope Console, thus enabling session hijacking. Users are recommended to upgrade to version 3.0.9, which fixes this issue. | ||||
| CVE-2024-7218 | 2 Oretnom23, Sourcecodester | 2 School Log Management System, School Log Management System | 2025-09-29 | 3.5 Low |
| A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2025-55998 | 1 Mezereon | 1 Smart Search And Filter | 2025-09-29 | 8.1 High |
| A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into several filter parameters. | ||||
| CVE-2024-57601 | 1 Easyappointments | 1 Easyappointments | 2025-09-29 | 6.1 Medium |
| Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter. | ||||
| CVE-2024-51229 | 1 Pb-cms Project | 1 Pb-cms | 2025-09-29 | 8.8 High |
| Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function. | ||||
| CVE-2024-45962 | 1 Octobercms | 1 October | 2025-09-29 | 4.7 Medium |
| October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target. | ||||