Export limit exceeded: 45680 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45680 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46622 | 1 Judging Management System Project | 1 Judging Management System | 2025-04-08 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | ||||
| CVE-2022-46503 | 1 Online Student Enrollment System Project | 1 Online Student Enrollment System | 2025-04-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter. | ||||
| CVE-2024-28402 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-08 | 5.9 Medium |
| TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | ||||
| CVE-2022-42967 | 1 Caret | 1 Caret | 2025-04-08 | 7.5 High |
| Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution. | ||||
| CVE-2022-47102 | 1 Phpgurukul | 1 Student Study Center Management System | 2025-04-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||
| CVE-2022-46438 | 1 Douco | 1 Douphp | 2025-04-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. | ||||
| CVE-2022-39185 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2025-04-08 | 9.8 Critical |
| EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user. | ||||
| CVE-2024-26481 | 1 Getkirby | 1 Kirby | 2025-04-08 | 4.7 Medium |
| Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter. | ||||
| CVE-2022-46369 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields. | ||||
| CVE-2022-39187 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. | ||||
| CVE-2025-1062 | 1 Metaslider | 1 Slider\, Gallery\, And Carousel | 2025-04-08 | 3.5 Low |
| The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1203 | 1 Metaslider | 1 Slider\, Gallery\, And Carousel | 2025-04-08 | 3.5 Low |
| The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2021-46872 | 1 Nim-lang | 2 Nim, Nimforum | 2025-04-07 | 6.1 Medium |
| An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.) | ||||
| CVE-2024-52788 | 1 Tenda | 2 W9, W9 Firmware | 2025-04-07 | 8 High |
| Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-52789 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-07 | 8 High |
| Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | ||||
| CVE-2023-22911 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-04-07 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. | ||||
| CVE-2022-48091 | 1 Hotel Management System Project | 1 Hotel Management System | 2025-04-07 | 5.4 Medium |
| Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php. | ||||
| CVE-2025-25818 | 1 Emlog | 1 Emlog | 2025-04-07 | 5.1 Medium |
| A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php. | ||||
| CVE-2025-25823 | 1 Emlog | 1 Emlog | 2025-04-07 | 7.3 High |
| A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php. | ||||
| CVE-2025-25825 | 1 Emlog | 1 Emlog | 2025-04-07 | 7.1 High |
| A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section. | ||||