Search Results (45680 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13880 | 1 Dropstr | 1 My Quota | 2025-04-08 | 7.1 High |
| The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13881 | 1 Gunnettmd | 1 Linkmyposts | 2025-04-08 | 7.1 High |
| The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2022-3904 | 1 Monsterinsights | 1 Monsterinsights | 2025-04-08 | 6.1 Medium |
| The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to Google Analytics. | ||||
| CVE-2024-1905 | 1 Rednao | 1 Smart Forms | 2025-04-08 | 5.9 Medium |
| The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2025-3326 | 1 Iteaj | 1 Iboot | 2025-04-08 | 3.5 Low |
| A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3327 | 1 Iteaj | 1 Iboot | 2025-04-08 | 3.5 Low |
| A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-32369 | 1 Kentico | 1 Xperience | 2025-04-08 | 6.4 Medium |
| Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature. | ||||
| CVE-2025-3297 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-08 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-1712 | 1 Majeedraza | 1 Carousel Slider | 2025-04-08 | 4.7 Medium |
| The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3776 | 1 Netvision | 1 Airpass | 2025-04-08 | 6.1 Medium |
| The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks. | ||||
| CVE-2022-45729 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-04-08 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. | ||||
| CVE-2022-45728 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-04-08 | 6.1 Medium |
| Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-3573 | 2 Abb, Gitlab | 2 Drive Composer, Gitlab | 2025-04-08 | 5.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. | ||||
| CVE-2024-28404 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-08 | 8 High |
| TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | ||||
| CVE-2024-27703 | 1 Leantime | 1 Leantime | 2025-04-08 | 5.4 Medium |
| Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter. | ||||
| CVE-2024-27477 | 1 Leantime | 1 Leantime | 2025-04-08 | 6.1 Medium |
| In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks. | ||||
| CVE-2024-22718 | 1 Formtools | 1 Form Tools | 2025-04-08 | 9.6 Critical |
| Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL. | ||||
| CVE-2024-22717 | 1 Formtools | 1 Form Tools | 2025-04-08 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. | ||||
| CVE-2024-29220 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-08 | 6.1 Medium |
| Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product. | ||||
| CVE-2024-26019 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-08 | 5.4 Medium |
| Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product. | ||||