Search Results (45914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27494 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials. | ||||
| CVE-2022-1059 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials. | ||||
| CVE-2021-42535 | 1 Visam | 1 Vbase Web-remote | 2025-04-17 | 5.3 Medium |
| VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. | ||||
| CVE-2021-22644 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | 7.5 High |
| Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | ||||
| CVE-2022-46287 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | 6.1 Medium |
| Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | ||||
| CVE-2022-41993 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | 6.1 Medium |
| Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | ||||
| CVE-2022-40743 | 1 Apache | 1 Traffic Server | 2025-04-17 | 6.1 Medium |
| Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross-site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions. | ||||
| CVE-2022-40435 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2025-04-17 | 4.8 Medium |
| Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module. | ||||
| CVE-2022-46670 | 1 Rockwellautomation | 10 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 7 more | 2025-04-17 | 7.1 High |
| Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website. | ||||
| CVE-2022-3987 | 1 Noorsplugin | 1 Responsive Lightbox2 | 2025-04-17 | 5.4 Medium |
| The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2022-39160 | 1 Ibm | 1 Cognos Analytics | 2025-04-17 | 6.1 Medium |
| IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064. | ||||
| CVE-2024-54687 | 1 Vtiger | 1 Vtiger Crm | 2025-04-17 | 6.1 Medium |
| Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. | ||||
| CVE-2024-35498 | 1 Getgrav | 1 Grav | 2025-04-17 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-56410 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-17 | 5.4 Medium |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | ||||
| CVE-2024-10706 | 1 W3eden | 1 Download Manager | 2025-04-17 | 4.8 Medium |
| The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-52676 | 2 Emiloimagtolis, Online Discussion Forum Project | 2 Online Discussion Forum, Online Discussion Forum | 2025-04-17 | 5.4 Medium |
| Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php. | ||||
| CVE-2022-25929 | 1 Smoothiecharts | 1 Smoothie Charts | 2025-04-16 | 5.4 Medium |
| Versions of the package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties. | ||||
| CVE-2023-45552 | 1 Veridiumid | 1 Veridiumad | 2025-04-16 | 6.5 Medium |
| In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal. | ||||
| CVE-2024-34224 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-16 | 7.3 High |
| Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters. | ||||
| CVE-2024-29865 | 1 Logpoint | 1 Siem | 2025-04-16 | 5.4 Medium |
| Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. | ||||