Export limit exceeded: 349442 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45791 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45791 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7143 | 1 Mayurik | 1 Best Salon Management System | 2025-07-09 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php of the component Update Tax Page. The manipulation of the argument Tax Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7142 | 1 Mayurik | 1 Best Salon Management System | 2025-07-09 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/search-appointment.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7140 | 1 Mayurik | 1 Best Salon Management System | 2025-07-09 | 2.4 Low |
| A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39123 | 1 Janeczku | 1 Calibre-web | 2025-07-09 | 5.4 Medium |
| In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization. | ||||
| CVE-2025-7139 | 1 Mayurik | 1 Best Salon Management System | 2025-07-09 | 2.4 Low |
| A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /panel/edit-customer-detailed.php of the component Update Customer Details Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-48470 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | 4.1 Medium |
| Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation. | ||||
| CVE-2024-57605 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-07-09 | 5.4 Medium |
| Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components. | ||||
| CVE-2025-25957 | 1 Xunruicms | 1 Xunruicms | 2025-07-09 | 6.1 Medium |
| Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script. | ||||
| CVE-2024-2299 | 1 Lollms | 1 Lollms Web Ui | 2025-07-09 | 6.1 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which is executed when the file is accessed. This vulnerability is remotely exploitable via Cross-Site Request Forgery (CSRF), allowing attackers to perform actions on behalf of authenticated users and potentially leading to unauthorized access to sensitive information within the Lollms-webui application. | ||||
| CVE-2024-1602 | 1 Lollms | 1 Lollms Web Ui | 2025-07-09 | 6.1 Medium |
| parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user's browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker's host. The issue affects various components of the application, including the handling of user input and model output. | ||||
| CVE-2025-7182 | 1 Itsourcecode | 1 Student Transcript Processing System | 2025-07-09 | 4.3 Medium |
| A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php. The manipulation of the argument pre leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-4118 | 1 Iscute | 1 Cute Http File Server | 2025-07-09 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-29152 | 1 Lemeconsultoria | 1 Galera | 2025-07-09 | 7.6 High |
| Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing, Education Registration, Hierarchical Level Registration, Decision Level Registration, Perspective Registration, Company Group Registration, Company Registration, News Registration, Employee Editing, Goal Team Registration, Learning Resource Type Registration, Learning Resource Family Registration, Learning Resource Supplier Registration, and Cycle Maintenance. | ||||
| CVE-2025-2709 | 1 Yonyou | 1 Ufida Erp-nc | 2025-07-09 | 4.3 Medium |
| A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2710 | 1 Yonyou | 1 Ufida Erp-nc | 2025-07-09 | 4.3 Medium |
| A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-48920 | 1 Etracker | 1 Etracker | 2025-07-08 | 7.3 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal etracker allows Cross-Site Scripting (XSS).This issue affects etracker: from 0.0.0 before 3.1.0. | ||||
| CVE-2025-48917 | 1 Freelance-it-consultant | 1 Eu Cookie Compliance | 2025-07-08 | 5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS).This issue affects EU Cookie Compliance (GDPR Compliance): from 0.0.0 before 1.26.0. | ||||
| CVE-2024-35146 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 5.4 Medium |
| IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-35145 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 6.1 Medium |
| IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-7153 | 1 Codeastro | 1 Simple Hospital Management System | 2025-07-08 | 3.5 Low |
| A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the argument First Name/Last name/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||