Search Results (45574 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8180 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 5.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled. | ||||
| CVE-2023-34666 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2024-12-12 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter. | ||||
| CVE-2024-8648 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.1 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL. | ||||
| CVE-2024-26051 | 1 Adobe | 1 Experience Manager | 2024-12-12 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2023-25187 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | 6.3 Medium |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities. | ||||
| CVE-2024-26050 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-12-12 | 4.8 Medium |
| Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2023-39599 | 1 Cszcms | 1 Csz Cms | 2024-12-12 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | ||||
| CVE-2023-33438 | 1 Wolterskluwer | 1 Teammate+ | 2024-12-12 | 5.4 Medium |
| A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2023-30453 | 1 Teamlead | 1 Reminder | 2024-12-12 | 5.4 Medium |
| The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter. | ||||
| CVE-2023-0368 | 1 Responsive Tabs For Wpbakery Page Builder Project | 1 Responsive Tabs For Wpbakery Page Builder | 2024-12-12 | 5.4 Medium |
| The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-2063 | 1 Mayurik | 1 Petrol Pump Management | 2024-12-12 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-34657 | 1 Eyoucms | 1 Eyoucms | 2024-12-12 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. | ||||
| CVE-2023-2527 | 1 Crmperks | 1 Integration For Contact Form 7 And Zoho Crm, Bigin | 2024-12-12 | 4.8 Medium |
| The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | ||||
| CVE-2023-35783 | 1 Faceted Search Project | 1 Faceted Search | 2024-12-11 | 6.3 Medium |
| The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data. | ||||
| CVE-2024-27794 | 1 Claris | 1 Filemaker Server | 2024-12-11 | 6.1 Medium |
| Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page. | ||||
| CVE-2024-55268 | 1 Phpgurukul | 1 Covid 19 Testing Management System | 2024-12-11 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter. | ||||
| CVE-2024-48703 | 1 Anujk305 | 1 Medical Card Generation System | 2024-12-11 | 4.8 Medium |
| PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. | ||||
| CVE-2020-20725 | 1 Taogogo | 1 Taocms | 2024-12-11 | 6.1 Medium |
| Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. | ||||
| CVE-2020-20070 | 1 Diaowen | 1 Dwsurvey | 2024-12-11 | 6.1 Medium |
| Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file. | ||||
| CVE-2024-54935 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | ||||