Search Results (45775 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9171 | 1 Solidinvoice | 1 Solidinvoice | 2025-08-21 | 3.5 Low |
| A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8362 | 2 Drupal, Googletag Manager Project | 2 Drupal, Googletag Manager | 2025-08-21 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS). This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0. | ||||
| CVE-2024-5383 | 1 Lakernote | 1 Easyadmin | 2025-08-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 9c8a836ace17a93c45e5ad52a2340788b7795030. It is recommended to apply a patch to fix this issue. The identifier VDB-266301 was assigned to this vulnerability. | ||||
| CVE-2025-9091 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 2.5 Low |
| A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-57731 | 1 Jetbrains | 1 Youtrack | 2025-08-21 | 8.7 High |
| In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content | ||||
| CVE-2025-57703 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaenergie | 2025-08-21 | 6.1 Medium |
| DIAEnergie - Reflected Cross-site Scripting | ||||
| CVE-2025-57702 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaenergie | 2025-08-21 | 6.1 Medium |
| DIAEnergie - Reflected Cross-site Scripting | ||||
| CVE-2025-57701 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaenergie | 2025-08-21 | 6.1 Medium |
| DIAEnergie - Reflected Cross-site Scripting | ||||
| CVE-2025-57700 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaenergie | 2025-08-21 | 6.1 Medium |
| DIAEnergie - Stored Cross-site Scripting | ||||
| CVE-2025-51488 | 1 Moonshine | 1 Moonshine | 2025-08-21 | 4.9 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin. | ||||
| CVE-2025-51487 | 1 Moonshine | 1 Moonshine | 2025-08-21 | 4.5 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article. | ||||
| CVE-2025-51489 | 1 Moonshine | 1 Moonshine | 2025-08-21 | 4.5 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened. | ||||
| CVE-2024-26484 | 1 Getkirby | 1 Kirby | 2025-08-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled. | ||||
| CVE-2023-3834 | 1 Bugfinder | 1 Ex-rate | 2025-08-21 | 3.5 Low |
| A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3847 | 1 Moosocial | 1 Moodating | 2025-08-21 | 3.5 Low |
| A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | ||||
| CVE-2023-3858 | 1 Phpscriptpoint | 1 Car Listing | 2025-08-21 | 3.5 Low |
| A vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument country/state/city leads to cross site scripting. The attack can be initiated remotely. VDB-235210 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-54411 | 1 Discourse | 1 Discourse | 2025-08-21 | N/A |
| Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate any users for the time being. This vulnerability is fixed in 3.5.0.beta8. | ||||
| CVE-2024-34449 | 1 B3log | 1 Vditor | 2025-08-21 | 6.1 Medium |
| Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true. | ||||
| CVE-2024-30953 | 1 Htmly | 1 Htmly | 2025-08-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module. | ||||
| CVE-2025-8910 | 1 Wellchoose | 1 Organization Portal System | 2025-08-21 | 6.1 Medium |
| Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | ||||