Search Results (45606 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28097 | 1 Schoolbox | 1 Schoolbox | 2025-02-05 | 7.3 High |
| The Calendar functionality in the Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users. | ||||
| CVE-2024-28096 | 1 Schoolbox | 1 Schoolbox | 2025-02-05 | 7.3 High |
| The Class functionality in the Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users. | ||||
| CVE-2024-28095 | 1 Schoolbox | 1 Schoolbox | 2025-02-05 | 7.3 High |
| The News functionality in the Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users. | ||||
| CVE-2023-26599 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | 6.1 Medium |
| XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. | ||||
| CVE-2023-30614 | 1 Pay Project | 1 Pay | 2025-02-05 | 7.1 High |
| Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains a functionality to submit user-generated content (such as comments) the attacker could even distribute the URL using that functionality. This has been patched in version 6.3.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-2099 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2025-02-05 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226107. | ||||
| CVE-2023-2155 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2025-02-05 | 2.4 Low |
| A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file classes/Master.php?f=save_cargo_type. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226276. | ||||
| CVE-2023-27777 | 1 Online Jewelry Shop Project | 1 Online Jewelry Shop | 2025-02-05 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL. | ||||
| CVE-2023-27776 | 1 Online Jewelry Shop Project | 1 Online Jewelry Shop | 2025-02-05 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter. | ||||
| CVE-2022-2507 | 1 Octopus | 1 Octopus Server | 2025-02-05 | 5.3 Medium |
| In affected versions of Octopus Deploy it is possible to render user-supplied input into the webpage. | ||||
| CVE-2023-1767 | 1 Snyk | 1 Advisor | 2025-02-05 | 4.3 Medium |
| The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor. | ||||
| CVE-2023-23938 | 1 Enalean | 1 Tuleap | 2025-02-05 | 5.9 Medium |
| Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue has been addressed in Tuleap Community Edition version 14.5.99.4. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2024-32575 | 1 Kraftplugins | 1 Mega Elements | 2025-02-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS. This issue affects Mega Elements: from n/a through 1.1.9. | ||||
| CVE-2024-32456 | 1 Envothemes | 1 Envo Extra | 2025-02-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra allows Stored XSS. This issue affects Envo Extra: from n/a through 1.8.11. | ||||
| CVE-2024-29760 | 1 Booster | 1 Booster For Woocommerce | 2025-02-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS. This issue affects Booster for WooCommerce: from n/a through 7.1.7. | ||||
| CVE-2024-29935 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-02-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.5.0. | ||||
| CVE-2024-29092 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2025-02-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through 2.4.3. | ||||
| CVE-2024-29123 | 1 Ylefebvre | 1 Link Library | 2025-02-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.6. | ||||
| CVE-2023-27090 | 1 Teacms Project | 1 Teacms | 2025-02-05 | 5.4 Medium |
| A cross-site scripting vulnerability in TeaCMS storage allows an attacker to cause a leak of sensitive information via the article title parameter. | ||||
| CVE-2022-48150 | 1 Shopware | 1 Shopware | 2025-02-05 | 6.1 Medium |
| Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI. | ||||