Search Results (45641 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3358 | 2 Janobe, Sourcecodester | 2 Aplaya Beach Resort Online Reservation System, Aplaya Beach Resort Online Reservation System | 2025-02-26 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument to leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259462 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-3414 | 1 Nelzkie15 | 1 Human Resource Information System | 2025-02-26 | 3.5 Low |
| A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. The manipulation of the argument corporate_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259583. | ||||
| CVE-2023-0391 | 1 Mgt-commerce | 1 Cloudpanel | 2025-02-26 | 8.1 High |
| MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1. | ||||
| CVE-2022-45004 | 1 Getgophish | 1 Gophish | 2025-02-26 | 6.1 Medium |
| Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page. | ||||
| CVE-2020-19947 | 1 Markdown Edit Project | 1 Markdown Edit | 2025-02-26 | 9.6 Critical |
| Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage. | ||||
| CVE-2023-1481 | 1 Monitoring Of Students Cyber Accounts System Project | 1 Monitoring Of Students Cyber Accounts System | 2025-02-26 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The manipulation of the argument id with the input "><script>alert(111)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223364. | ||||
| CVE-2023-1154 | 1 Pacsrapor | 1 Pacsrapor | 2025-02-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS. This issue affects Pacsrapor: before 1.22. | ||||
| CVE-2023-26951 | 1 Onekeyadmin | 1 Onekeyadmin | 2025-02-26 | 5.4 Medium |
| onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module. | ||||
| CVE-2023-27131 | 1 Typecho | 1 Typecho | 2025-02-26 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Post Editor parameter. | ||||
| CVE-2023-27054 | 1 Mirotalk | 1 Mirotalk P2p | 2025-02-26 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module. | ||||
| CVE-2020-24857 | 1 Inex | 1 Ixp Manager | 2025-02-26 | 6.1 Medium |
| Cross Site Scripting vulnerability found in IXPManager v.5.6.0 allows attackers to execute arbitrary code via the looking glass component. | ||||
| CVE-2023-0369 | 1 Gotowp | 1 Gotowp | 2025-02-26 | 5.4 Medium |
| The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0365 | 1 React Webcam Project | 1 React Webcam | 2025-02-26 | 5.4 Medium |
| The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0364 | 1 Real.kit Project | 1 Real.kit | 2025-02-26 | 5.4 Medium |
| The real.Kit WordPress plugin before 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0145 | 1 Saan | 1 World Clock | 2025-02-26 | 5.4 Medium |
| The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-27902 | 1 Sap | 1 Netweaver As Abap | 2025-02-26 | 5.4 Medium |
| Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system. | ||||
| CVE-2024-1304 | 1 Badgermeter | 1 Monitool | 2025-02-26 | 6.3 Medium |
| Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session. | ||||
| CVE-2024-1528 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-02-26 | 7.4 High |
| CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session. | ||||
| CVE-2024-2391 | 1 Eve-ng | 1 Eve-ng | 2025-02-26 | 2.4 Low |
| A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2211 | 1 Getgophish | 1 Gophish | 2025-02-26 | 4.6 Medium |
| Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu. | ||||