Search Results (45666 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27625 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-03-28 | 4.8 Medium |
| CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field. | ||||
| CVE-2023-0566 | 1 Froxlor | 1 Froxlor | 2025-03-28 | 6.2 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10. | ||||
| CVE-2023-0549 | 1 Yetanotherforum | 1 Yaf.net | 2025-03-28 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability. | ||||
| CVE-2023-49977 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer. | ||||
| CVE-2023-49976 | 1 Oretnom23 | 1 Customer Support System | 2025-03-28 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket. | ||||
| CVE-2023-49974 | 2 Oretnom23, Sourcecodester | 2 Customer Support System, Customer Support System | 2025-03-28 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2023-51281 | 2 Oretnom23, Sourcecodester | 2 Customer Support System, Customer Support System | 2025-03-28 | 5.4 Medium |
| Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters. | ||||
| CVE-2024-27743 | 2 Mayurik, Petroleum Management Software Application Project | 2 Petrol Pump Management, Petroleum Management Software Application | 2025-03-28 | 6.1 Medium |
| Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component. | ||||
| CVE-2024-27744 | 1 Mayurik | 1 Petrol Pump Management | 2025-03-28 | 6.1 Medium |
| Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component. | ||||
| CVE-2025-0281 | 1 Lunary | 1 Lunary | 2025-03-28 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/lunary versions 1.6.7 and earlier. An attacker can inject malicious JavaScript into the SAML IdP XML metadata, which is used to generate the SAML login redirect URL. This URL is then set as the value of `window.location.href` without proper validation or sanitization. This vulnerability allows the attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions. The issue is fixed in version 1.7.10. | ||||
| CVE-2025-20205 | 1 Cisco | 1 Identity Services Engine | 2025-03-28 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. | ||||
| CVE-2025-20204 | 1 Cisco | 1 Identity Services Engine | 2025-03-28 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. | ||||
| CVE-2024-29419 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-03-27 | 5.4 Medium |
| There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. | ||||
| CVE-2024-28156 | 1 Jenkins | 1 Build Monitor View | 2025-03-27 | 5.4 Medium |
| Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views. | ||||
| CVE-2024-24389 | 1 Xunruicms | 1 Xunruicms | 2025-03-27 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter. | ||||
| CVE-2024-24276 | 1 Teamwire | 1 Teamwire | 2025-03-27 | 9.6 Critical |
| Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components. | ||||
| CVE-2024-24275 | 2 Microsoft, Teamwire | 2 Windows, Teamwire | 2025-03-27 | 9.6 Critical |
| Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function. | ||||
| CVE-2023-23021 | 1 Oretnom23 | 1 Pos - Point Of Sale System | 2025-03-27 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. | ||||
| CVE-2022-4793 | 1 Solwininfotech | 1 Blog Designer | 2025-03-27 | 6.8 Medium |
| The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | ||||
| CVE-2022-43978 | 1 Pandorafms | 1 Pandora Fms | 2025-03-27 | 5.6 Medium |
| There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check. | ||||