Search Results (45775 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35345 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 5.4 Medium |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting. | ||||
| CVE-2024-35351 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 5.4 Medium |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/SystemSettings.php?f=update_settings. Manipulating the parameter name results in cross-site scripting. | ||||
| CVE-2025-26619 | 2 Vega-functions Project, Vega Project | 2 Vega-functions, Vega | 2025-04-11 | 6.1 Medium |
| Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that were not meant to be supported. The issue is patched in `vega` `5.31.0` and `vega-functions` `5.16.0`. Some workarounds are available. Run `vega` without `vega.expressionInterpreter`. This mode is not the default as it is slower. Alternatively, using the interpreter described in CSP safe mode (Content Security Policy) prevents arbitrary JavaScript from running, so users of this mode are not affected by this vulnerability. | ||||
| CVE-2024-35582 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Laboratory Management System | 2025-04-11 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field. | ||||
| CVE-2024-35583 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Laboratory Management System | 2025-04-11 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field. | ||||
| CVE-2024-20334 | 1 Cisco | 1 Telepresence Management Suite | 2025-04-11 | 5.5 Medium |
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2023-38506 | 1 Joplin Project | 1 Joplin | 2025-04-11 | 8.2 High |
| Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS's `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-35352 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 6.1 Medium |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the parameter middlename results in cross-site scripting. | ||||
| CVE-2024-31586 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-11 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. | ||||
| CVE-2021-41823 | 1 Kemptechnologies | 1 Web Application Firewall | 2025-04-11 | 6.1 Medium |
| The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism. | ||||
| CVE-2024-34452 | 1 Cmsimple-xh | 1 Cmsimple Xh | 2025-04-11 | 6.1 Medium |
| CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document. | ||||
| CVE-2024-5595 | 1 Wpdeveloper | 1 Essential Blocks | 2025-04-11 | 5.4 Medium |
| The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-6651 | 2 Iptanus, Wordpress File Upload Project | 2 Wordpress File Upload, Wordpress File Upload | 2025-04-11 | 6.1 Medium |
| The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-6494 | 2 Iptanus, Wordpress File Upload Project | 2 Wordpress File Upload, Wordpress File Upload | 2025-04-11 | 6.1 Medium |
| The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks. | ||||
| CVE-2024-6792 | 2 Technowich, Wpulike | 2 Wp Ulike, Wp Ulike | 2025-04-11 | 3.5 Low |
| The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page. | ||||
| CVE-2024-7879 | 2 Technowich, Wpulike | 2 Wp Ulike, Wp Ulike | 2025-04-11 | 4.8 Medium |
| The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
| CVE-2024-10104 | 1 Blueglass | 1 Jobs For Wordpress | 2025-04-11 | 5.9 Medium |
| The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-31544 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-11 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record. | ||||
| CVE-2024-32337 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module. | ||||
| CVE-2024-32338 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module. | ||||