Export limit exceeded: 347343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45654 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45654 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22277 | 1 Vmware | 1 Cloud Director | 2025-03-13 | 6.4 Medium |
| VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks. | ||||
| CVE-2021-29669 | 3 Ibm, Linux, Microsoft | 3 Jazz Foundation, Linux Kernel, Windows | 2025-03-13 | 5.4 Medium |
| IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-48007 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-03-13 | 5.3 Medium |
| Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data. | ||||
| CVE-2024-46453 | 1 Honeywell | 2 Iq3xcite, Iq3xcite Firmware | 2025-03-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-42918 | 1 Adonesevangelista | 1 Online Accreditation Management System | 2025-03-13 | 5.4 Medium |
| itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO parameters in controller.php. | ||||
| CVE-2024-42008 | 1 Roundcube | 1 Webmail | 2025-03-13 | 9.3 Critical |
| A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header. | ||||
| CVE-2024-40478 | 1 Jayesh | 1 Online Exam System | 2025-03-13 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields | ||||
| CVE-2024-39094 | 1 Friendica | 1 Friendica | 2025-03-13 | 5.4 Medium |
| Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. | ||||
| CVE-2024-25801 | 1 Skinsoft | 1 S-museum | 2025-03-13 | 4.6 Medium |
| SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file. | ||||
| CVE-2024-21584 | 1 Pleasanter | 1 Pleasanter | 2025-03-13 | 6.1 Medium |
| Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user. | ||||
| CVE-2025-2086 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | 3.5 Low |
| A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2087 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2085 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | 3.5 Low |
| A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44717 | 1 Dedebiz | 1 Dedebiz | 2025-03-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-42904 | 1 Syspass | 1 Syspass | 2025-03-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php. | ||||
| CVE-2024-36450 | 1 Webmin | 1 Webmin | 2025-03-13 | 5.4 Medium |
| Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted. | ||||
| CVE-2024-5802 | 1 Mythemeshop | 1 Url Shortener | 2025-03-13 | 6.1 Medium |
| The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-48937 | 1 Znuny | 1 Znuny | 2025-03-13 | 6.1 Medium |
| Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed. | ||||
| CVE-2024-44716 | 1 Dedebiz | 1 Dedebiz | 2025-03-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-3986 | 1 Themeboy | 1 Sportspress | 2025-03-13 | 4.8 Medium |
| The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||