Export limit exceeded: 45987 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45987 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42637 | 1 H3c | 2 R3010, R3010 Firmware | 2025-05-27 | 9.8 Critical |
| H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2023-49485 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-05-27 | 5.4 Medium |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. | ||||
| CVE-2023-46494 | 1 Evershop | 1 Evershop | 2025-05-27 | 6.1 Medium |
| Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. | ||||
| CVE-2023-44856 | 1 Cobham | 2 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware | 2025-05-27 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub_21D24 function in the acu_web file. | ||||
| CVE-2022-41319 | 1 Veritas | 1 Desktop And Laptop Option | 2025-05-27 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7). | ||||
| CVE-2022-40088 | 1 Simple College Website Project | 1 Simple College Website | 2025-05-27 | 6.1 Medium |
| Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | ||||
| CVE-2023-6646 | 1 Sissbruecker | 1 Linkding | 2025-05-27 | 3.5 Low |
| A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product. | ||||
| CVE-2023-44854 | 1 Cobham | 2 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware | 2025-05-27 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file. | ||||
| CVE-2023-44852 | 1 Cobham | 2 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware | 2025-05-27 | 8.2 High |
| Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file. | ||||
| CVE-2020-25730 | 1 Zoneminder | 1 Zoneminder | 2025-05-27 | 8.2 High |
| Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php. | ||||
| CVE-2023-4709 | 1 Totvs | 1 Rm | 2025-05-27 | 3.1 Low |
| A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. It is possible to mitigate the problem by applying the configuration setting <pages validateRequest="true" [...] viewStateEncryptionMode="Always" />. It is recommended to change the configuration settings. The vendor was initially contacted early about this disclosure but did not respond in any way. In a later statement he explains, that "the behavior described [...] is related to specific configurations that are not part of the default application setup. In standard production environments, the relevant feature (VIEWSTATE) is disabled by default, which effectively mitigates the risk of exploitation." | ||||
| CVE-2025-2206 | 1 Aitangbao | 1 Springboot-manager | 2025-05-26 | 2.4 Low |
| A vulnerability classified as problematic has been found in aitangbao springboot-manager 3.0. This affects an unknown part of the file /sys/permission. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0692 | 1 Maximize | 1 Simple Video Management System | 2025-05-26 | 3.5 Low |
| The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13332 | 1 Kwmsources | 1 Transfinanz | 2025-05-26 | 6.1 Medium |
| The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-1830 | 1 Zframeworks | 1 Zz | 2025-05-26 | 2.4 Low |
| A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of the argument Customer Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-12723 | 1 Infility | 1 Infility Global | 2025-05-24 | 6.1 Medium |
| The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-53357 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-24 | 7.5 High |
| Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealiasroute; (4) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliases route; (5) add a root group via the /api/user/adduserroute; (6) modifiy a group via the /api/user/updateuser route; (7) delete a group via the /api/user/deluser route; (8) get groups via the /api/user/usersroute; (9) add an admin role via the /api/user/addrole route; (10) modifiy a role via the /api/user/updaterole route; (11) delete a role via the /api/user/delrole route; (12) get roles via the /api/user/roles route. | ||||
| CVE-2021-34660 | 1 Verygoodplugins | 1 Wp Fusion | 2025-05-23 | 6.1 Medium |
| The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18. | ||||
| CVE-2021-34640 | 1 Securimage-wp-fixed Project | 1 Securimage-wp-fixed | 2025-05-23 | 6.1 Medium |
| The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4. | ||||
| CVE-2021-34655 | 1 Wp Songbook Project | 1 Wp Songbook | 2025-05-23 | 6.1 Medium |
| The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the ~/inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11. | ||||