Search Results (45671 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4480 | 1 Holithemes | 1 Click To Chat | 2025-04-04 | 5.4 Medium |
| The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
| CVE-2023-0337 | 1 Daloradius | 1 Daloradius | 2025-04-04 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | ||||
| CVE-2023-0338 | 1 Daloradius | 1 Daloradius | 2025-04-04 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | ||||
| CVE-2023-23637 | 1 Unistra | 1 Impatient | 2025-04-04 | 7.6 High |
| IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information. | ||||
| CVE-2023-22296 | 1 Ate-mahoroba | 6 Maho-pbx Netdevancer, Maho-pbx Netdevancer Firmware, Maho-pbx Netdevancer Mobilegate and 3 more | 2025-04-04 | 6.1 Medium |
| Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to inject an arbitrary script. | ||||
| CVE-2022-45613 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-04 | 5.4 Medium |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter. | ||||
| CVE-2025-1548 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 3.5 Low |
| A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-39195 | 1 Lsoft | 1 Listserv | 2025-04-04 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter. | ||||
| CVE-2024-53635 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-04-04 | 4.8 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter. | ||||
| CVE-2023-0513 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 3.5 Low |
| A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1746 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-43857 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 5.4 Medium |
| Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. | ||||
| CVE-2023-0287 | 1 Favorites-web Project | 1 Favorites-web | 2025-04-04 | 3.5 Low |
| A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-34219 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-04 | 8.6 High |
| TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. | ||||
| CVE-2024-11004 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-04-04 | 6.1 Medium |
| Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | ||||
| CVE-2024-34954 | 1 Code-projects | 1 Budget Management | 2025-04-04 | 6.1 Medium |
| Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter. | ||||
| CVE-2023-23019 | 2 Oretnom23, Sourcecodester | 2 Blog Site, Blog Site | 2025-04-04 | 5.4 Medium |
| Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function user_add. | ||||
| CVE-2022-43717 | 1 Apache | 1 Superset | 2025-04-04 | 5.4 Medium |
| Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | ||||
| CVE-2024-32409 | 1 Sem-cms | 1 Semcms | 2025-04-04 | 7.1 High |
| An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. | ||||
| CVE-2024-31857 | 1 Incsub | 1 Forminator | 2025-04-04 | 5.4 Medium |
| Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser. | ||||