Export limit exceeded: 45669 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45669 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23012 | 1 Classroombookings | 1 Classroombookings | 2025-04-03 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php. | ||||
| CVE-2023-23010 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2025-04-03 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php. | ||||
| CVE-2022-40034 | 1 Javaweb Blog Project | 1 Javaweb Blog | 2025-04-03 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter. | ||||
| CVE-2020-24901 | 1 Krpano | 1 Krpano | 2025-04-03 | 6.1 Medium |
| The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin[test].url. | ||||
| CVE-2024-13074 | 1 Phpgurukul | 1 Land Record System | 2025-04-03 | 3.5 Low |
| A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-4250 | 1 Metagauss | 1 Eventprime | 2025-04-03 | 6.1 Medium |
| The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-2049 | 1 Code-projects | 1 Blood Bank System | 2025-04-03 | 3.5 Low |
| A vulnerability classified as problematic has been found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file AB+.php. The manipulation of the argument Bloodname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2047 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-04-03 | 3.5 Low |
| A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument search leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1967 | 1 Blood Bank Management System Project | 1 Blood Bank Management System | 2025-04-03 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1957 | 1 Code-projects | 1 Blood Bank System | 2025-04-03 | 3.5 Low |
| A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-22547 | 1 Wayos | 2 Ibr-7150, Ibr-7150 Firmware | 2025-04-03 | 4.7 Medium |
| WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2024-25369 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-04-03 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter. | ||||
| CVE-2023-42308 | 1 Code-projects | 1 Exam Form Submission | 2025-04-03 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" Section. | ||||
| CVE-2024-24097 | 1 Code-projects | 1 Scholars Tracking System | 2025-04-03 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed. | ||||
| CVE-2024-12982 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2025-04-03 | 2.4 Low |
| A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-38110 | 1 Solarwinds | 1 Database Performance Analyzer | 2025-04-03 | 5.4 Medium |
| In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. | ||||
| CVE-2023-1030 | 1 Online Boat Reservation System Project | 1 Online Boat Reservation System | 2025-04-03 | 3.5 Low |
| A vulnerability has been found in SourceCodester/code-projects Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-37798 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-04-03 | 5.9 Medium |
| Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field. | ||||
| CVE-2024-34796 | 1 Accessally | 1 Popupally | 2025-04-03 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. | ||||
| CVE-2025-27914 | 1 Zimbra | 1 Collaboration | 2025-04-02 | 5.4 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token and involves a crafted URL with manipulated query parameters that triggers XSS when accessed by a victim. | ||||