Export limit exceeded: 347145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45637 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49793 | 1 Ibm | 1 Applinx | 2025-02-22 | 5.4 Medium |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-49792 | 1 Ibm | 1 Applinx | 2025-02-22 | 5.4 Medium |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-49791 | 1 Ibm | 1 Applinx | 2025-02-22 | 6.4 Medium |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-5136 | 1 Phpgurukul | 1 Directory Management System | 2025-02-21 | 2.4 Low |
| A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /admin/search-directory.php.. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265212. | ||||
| CVE-2024-3526 | 1 Campcodes | 1 Online Event Management System | 2025-02-21 | 3.5 Low |
| A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259897 was assigned to this vulnerability. | ||||
| CVE-2025-0981 | 1 Churchcrm | 1 Churchcrm | 2025-02-21 | 6.1 Medium |
| A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's session by exploiting a Stored Cross Site Scripting (XSS) vulnerability in the Group Editor page. This allows admin users to inject malicious JavaScript in the description field, which captures the session cookie of authenticated users. The cookie can then be sent to an external server, enabling session hijacking. It can also lead to information disclosure, as exposed session cookies can be used to impersonate users and gain unauthorised access to sensitive information. | ||||
| CVE-2025-1208 | 1 Anisha | 1 Wazifa System | 2025-02-21 | 3.5 Low |
| A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /Profile.php. The manipulation of the argument postcontent leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-23979 | 1 Etoilewebdesign | 1 Ultimate Reviews | 2025-02-20 | 4.8 Medium |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15). | ||||
| CVE-2024-4722 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 3.5 Low |
| A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument category leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263800. | ||||
| CVE-2024-4721 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 3.5 Low |
| A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/add_student_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263799. | ||||
| CVE-2025-1196 | 1 Fabian | 1 Real Estate Property Management System | 2025-02-20 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-1195 | 1 Fabian | 1 Real Estate Property Management System | 2025-02-20 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-36920 | 1 Wpchill | 1 Download Monitor | 2025-02-20 | 4.8 Medium |
| Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | ||||
| CVE-2021-23174 | 1 Wpchill | 1 Download Monitor | 2025-02-20 | 3.4 Low |
| Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | ||||
| CVE-2022-23980 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2025-02-20 | 4.7 Medium |
| Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'. | ||||
| CVE-2021-26256 | 1 Ays-pro | 1 Survey Maker | 2025-02-20 | 4.7 Medium |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6). | ||||
| CVE-2022-25601 | 2 Fedoraproject, Plugin-planet | 2 Fedora, Contact Form X | 2025-02-20 | 4.7 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | ||||
| CVE-2022-25603 | 1 Maxfoundry | 1 Maxgalleria | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | ||||
| CVE-2022-25604 | 1 Price Table Project | 1 Price Table | 2025-02-20 | 4.1 Medium |
| Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). | ||||
| CVE-2022-25605 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2025-02-20 | 4.8 Medium |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url. | ||||