Search Results (45604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25346 | 1 Churchcrm | 1 Churchcrm | 2025-02-03 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. | ||||
| CVE-2022-25276 | 1 Drupal | 1 Drupal | 2025-02-03 | 6.1 Medium |
| The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. | ||||
| CVE-2023-30417 | 1 Pearadmin | 1 Pear Admin Boot | 2025-02-03 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. | ||||
| CVE-2023-30267 | 1 Cltphp | 1 Cltphp | 2025-02-03 | 6.1 Medium |
| CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. | ||||
| CVE-2023-30177 | 1 Craftcms | 1 Craft Cms | 2025-02-03 | 6.1 Medium |
| CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker can inject JavaScript code into Volume Name. | ||||
| CVE-2023-30111 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2025-02-03 | 6.1 Medium |
| Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-30106 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2025-02-03 | 6.1 Medium |
| Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. | ||||
| CVE-2023-2291 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-02-03 | 7.8 High |
| Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user. | ||||
| CVE-2023-29836 | 1 Exelysis | 1 Exelysis Unified Communications Solution | 2025-02-03 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. | ||||
| CVE-2023-29442 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-03 | 6.1 Medium |
| Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | ||||
| CVE-2022-39989 | 1 Fighting Cock Information System Project | 1 Fighting Cock Information System | 2025-02-03 | 9.8 Critical |
| An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials. | ||||
| CVE-2022-27979 | 1 Tooljet | 1 Tooljet | 2025-02-03 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. | ||||
| CVE-2024-23522 | 1 Strategy11 | 1 Formidable Forms | 2025-02-03 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection. This issue affects Formidable Forms: from n/a through 6.7. | ||||
| CVE-2024-38681 | 1 Wpthemespace | 1 Magical Addons For Elementor | 2025-02-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through 1.1.41. | ||||
| CVE-2024-38710 | 1 Master-addons | 1 Master Addons | 2025-02-03 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.6.2. | ||||
| CVE-2024-38711 | 1 Ylefebvre | 1 Link Library | 2025-02-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.7.1. | ||||
| CVE-2024-37947 | 1 Themeum | 1 Tutor Lms | 2025-02-03 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.2. | ||||
| CVE-2024-41665 | 1 Ampache | 1 Ampache | 2025-02-03 | 5.5 Medium |
| Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions can set the Name field to `<svg onload=alert(8)>`. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the `democratic.php` file. Version 6.6.0 contains a patch for the issue. | ||||
| CVE-2024-28973 | 1 Dell | 9 Data Domain Operating System, Dd3300, Dd6400 and 6 more | 2025-02-03 | 5.9 Medium |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery | ||||
| CVE-2024-30530 | 1 Sonaar | 1 Mp3 Audio Player For Music, Radio & Podcast | 2025-01-31 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Stored XSS. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1. | ||||