Search Results (45666 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46241 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2025-03-31 | 5.9 Medium |
| PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. | ||||
| CVE-2024-46470 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | 6.1 Medium |
| Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. | ||||
| CVE-2024-45528 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | 5.4 Medium |
| CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. | ||||
| CVE-2024-39659 | 1 Lesterchan | 1 Wp-postratings | 2025-03-31 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS. This issue affects WP-PostRatings: from n/a through 1.91.1. | ||||
| CVE-2021-39325 | 1 Optinmonster | 1 Optinmonster | 2025-03-31 | 6.1 Medium |
| The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0. | ||||
| CVE-2021-34650 | 1 Eideasy | 1 Eid Easy | 2025-03-31 | 5.4 Medium |
| The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6. | ||||
| CVE-2021-39337 | 1 Job-portal Project | 1 Job-portal | 2025-03-31 | 5.5 Medium |
| The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2021-39345 | 1 Cnrs | 1 Hal | 2025-03-31 | 5.5 Medium |
| The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2021-39338 | 1 Mybb Cross-poster Project | 1 Mybb Cross-poster | 2025-03-31 | 5.5 Medium |
| The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2021-39335 | 1 Wpgenious | 1 Wpgenius Job Listing | 2025-03-31 | 5.5 Medium |
| The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2021-39354 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-03-31 | 4.8 Medium |
| The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2. | ||||
| CVE-2024-46239 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | 5.9 Medium |
| Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. | ||||
| CVE-2024-46238 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | 5.9 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php. | ||||
| CVE-2024-46236 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | 5.4 Medium |
| CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. | ||||
| CVE-2021-39346 | 1 Supsystic | 1 Easy Google Maps | 2025-03-31 | 4.8 Medium |
| The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2021-38356 | 1 Nextscripts | 1 Social Networks Auto Poster | 2025-03-31 | 6.1 Medium |
| The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page']. | ||||
| CVE-2021-39340 | 1 Bracketspace | 1 Notification | 2025-03-31 | 4.8 Medium |
| The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2023-0470 | 1 Modoboa | 1 Modoboa | 2025-03-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
| CVE-2023-0488 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2025-03-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. | ||||
| CVE-2024-43292 | 1 Envothemes | 1 Envo's Elementor Templates & Widgets For Woocommerce | 2025-03-31 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.16. | ||||