Search Results (45662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24177 | 1 Filemanagerpro | 1 File Manager | 2025-03-24 | 5.4 Medium |
| In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response. | ||||
| CVE-2024-13918 | 1 Laravel | 1 Framework | 2025-03-24 | 8 High |
| The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page. | ||||
| CVE-2024-13919 | 1 Laravel | 1 Framework | 2025-03-24 | 8 High |
| The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page. | ||||
| CVE-2025-2150 | 1 Hgiga | 1 C&cm@il | 2025-03-24 | 5.4 Medium |
| The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email. | ||||
| CVE-2022-48110 | 1 Ckeditor | 1 Ckeditor | 2025-03-24 | 6.1 Medium |
| CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator (who is adding CKEditor 5 functionality to a website) to choose the correct security settings for their use case. Also, safe default values are established (e.g., config.htmlEmbed.showPreviews is false). | ||||
| CVE-2024-30160 | 1 Mitel | 1 Micollab | 2025-03-22 | 4.8 Medium |
| A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2024-30159 | 1 Mitel | 1 Micollab | 2025-03-22 | 4.8 Medium |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2024-41709 | 1 Backdropcms | 1 Backdrop | 2025-03-21 | 6.1 Medium |
| Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission. | ||||
| CVE-2023-27294 | 1 Opencats | 1 Opencats | 2025-03-21 | 5.4 Medium |
| Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge. | ||||
| CVE-2023-27293 | 1 Opencats | 1 Opencats | 2025-03-21 | 6.1 Medium |
| Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge. | ||||
| CVE-2024-39662 | 1 Modernaweb | 1 Black Widgets For Elementor | 2025-03-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.5. | ||||
| CVE-2022-2168 | 1 W3eden | 1 Download Manager | 2025-03-21 | 6.1 Medium |
| The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting. | ||||
| CVE-2023-24086 | 1 Slims Project | 1 Slims | 2025-03-21 | 6.1 Medium |
| SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. | ||||
| CVE-2023-0794 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | 8.3 High |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2023-0791 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | 8.3 High |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2023-24648 | 1 Zippy | 1 Zstore | 2025-03-21 | 6.1 Medium |
| Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php. | ||||
| CVE-2023-0373 | 1 Smartwp | 1 Lightweight Accordion | 2025-03-21 | 5.4 Medium |
| The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0151 | 1 Utubevideo Gallery Project | 1 Utubevideo Gallery | 2025-03-21 | 5.4 Medium |
| The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2022-2362 | 1 W3eden | 1 Download Manager | 2025-03-21 | 7.5 High |
| The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions. | ||||
| CVE-2017-18032 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A |
| The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. | ||||