Export limit exceeded: 45573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45573 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34796 | 1 Techsneeze | 1 Dmarc Report | 2024-12-04 | 6.1 Medium |
| Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values. | ||||
| CVE-2020-18404 | 1 Ecisp | 1 Espcms | 2024-12-04 | 4.8 Medium |
| An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter. | ||||
| CVE-2020-18414 | 1 Chaoji Cms Project | 1 Chaoji Cms | 2024-12-04 | 4.8 Medium |
| Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset. | ||||
| CVE-2024-11742 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-12-04 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2021-30203 | 1 Dzzoffice | 1 Dzzoffice | 2024-12-04 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2023-3332 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-12-04 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. | ||||
| CVE-2024-11678 | 2 Codeastro, Hospital Management System Project | 2 Hospital Management System, Hospital Management System | 2024-12-04 | 3.5 Low |
| A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11677 | 2 Codeastro, Hospital Management System Project | 2 Hospital Management System, Hospital Management System | 2024-12-04 | 3.5 Low |
| A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11676 | 2 Codeastro, Hospital Management System Project | 2 Hospital Management System, Hospital Management System | 2024-12-04 | 3.5 Low |
| A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11675 | 2 Codeastro, Phpgurukul | 2 Hospital Management System, Hospital Management System | 2024-12-04 | 3.5 Low |
| A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11660 | 2 Anisha, Code-projects | 2 Farmacia, Farmacia | 2024-12-04 | 3.5 Low |
| A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2023-28485 | 1 Wekan Project | 1 Wekan | 2024-12-04 | 5.4 Medium |
| A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads. | ||||
| CVE-2023-27082 | 1 Pluck-cms | 1 Pluck | 2024-12-04 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. | ||||
| CVE-2023-36477 | 1 Xwiki | 2 Ckeditor Integration, Xwiki | 2024-12-04 | 9.1 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service and editing the javascript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki version older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details. | ||||
| CVE-2024-28831 | 1 Checkmk | 1 Checkmk | 2024-12-04 | 5.4 Medium |
| Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. | ||||
| CVE-2024-28832 | 1 Checkmk | 1 Checkmk | 2024-12-04 | 4.8 Medium |
| Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings. | ||||
| CVE-2023-40655 | 1 Mooj | 1 Proforms | 2024-12-04 | 6.1 Medium |
| A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla. | ||||
| CVE-2023-28387 | 1 Uzabase | 1 Newspicks | 2024-12-04 | 5.5 Medium |
| "NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service. | ||||
| CVE-2024-38857 | 1 Checkmk | 1 Checkmk | 2024-12-04 | 4.3 Medium |
| Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks. | ||||
| CVE-2024-26122 | 1 Adobe | 1 Experience Manager | 2024-12-04 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||