Search Results (45653 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2285 | 1 Boyiddha | 1 Automated-mess-management-system | 2025-03-12 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-256052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2127 | 1 Joomlaux | 1 Jux Real Estate | 2025-03-11 | 4.3 Medium |
| A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jp_yearbuilt leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2130 | 1 Openxe | 1 Openxe | 2025-03-11 | 3.5 Low |
| A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument Notizen leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2131 | 1 Xunruicms | 1 Xunruicms | 2025-03-11 | 2.4 Low |
| A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2133 | 1 Ftcms | 1 Ftcms | 2025-03-11 | 2.4 Low |
| A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0469 | 1 Wpmudev | 1 Forminator Forms | 2025-03-11 | 6.4 Medium |
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-48344 | 1 Jetbrains | 1 Teamcity | 2025-03-11 | 5.4 Medium |
| In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. | ||||
| CVE-2023-26091 | 1 Frappant | 1 Forms Export | 2025-03-11 | 6.1 Medium |
| The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails. | ||||
| CVE-2023-0987 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2025-03-11 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680. | ||||
| CVE-2024-37527 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-03-11 | 5.4 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2022-48343 | 1 Jetbrains | 1 Teamcity | 2025-03-11 | 5.4 Medium |
| In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. | ||||
| CVE-2021-32302 | 1 Irz | 2 Ruh2, Ruh2 Firmware | 2025-03-11 | 6.1 Medium |
| Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. | ||||
| CVE-2024-2266 | 1 Keerti1924 | 1 Secret-coder-php-project | 2025-03-11 | 3.5 Low |
| A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256036. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-54139 | 1 Combodo | 1 Itop | 2025-03-11 | 7.9 High |
| Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue. | ||||
| CVE-2023-1006 | 1 Medical Certificate Generator App Project | 1 Medical Certificate Generator App | 2025-03-11 | 3.5 Low |
| A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument Firstname/Middlename/Lastname/Suffix/Nationality/Doctor Fullname/Doctor Suffix with the input "><script>prompt(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739. | ||||
| CVE-2023-1042 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-03-11 | 3.5 Low |
| A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1"><script>alert(1111)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800. | ||||
| CVE-2023-1104 | 1 Flatpress | 1 Flatpress | 2025-03-11 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | ||||
| CVE-2023-1115 | 1 Pimcore | 1 Pimcore | 2025-03-11 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | ||||
| CVE-2023-22491 | 1 Gatsbyjs | 1 Gatsby | 2025-03-11 | 8.1 High |
| Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner. | ||||
| CVE-2023-24251 | 1 Wangeditor | 1 Wangeditor | 2025-03-11 | 5.4 Medium |
| WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js. | ||||