Export limit exceeded: 45559 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45559 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11493 | 1 115cms | 1 115cms | 2024-11-22 | 3.5 Low |
| A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the argument tid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11492 | 1 115cms | 1 115cms | 2024-11-22 | 3.5 Low |
| A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of the argument tid leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11490 | 1 115cms | 1 115cms | 2024-11-22 | 3.5 Low |
| A vulnerability was found in 115cms up to 20240807. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php/admin/web/set.html. The manipulation of the argument type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-36223 | 1 Bbs-go | 1 Bbs-go | 2024-11-22 | 5.4 Medium |
| Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function. | ||||
| CVE-2023-36816 | 1 2fauth | 1 2fauth | 2024-11-22 | 6.1 Medium |
| 2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3. | ||||
| CVE-2024-52053 | 1 Wowza | 1 Streaming Engine | 2024-11-22 | N/A |
| Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts. | ||||
| CVE-2015-10101 | 1 Google Analytics Top Content Widget Project | 1 Google Analytics Top Content Widget | 2024-11-22 | 3.5 Low |
| A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The identifier of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability. | ||||
| CVE-2023-2389 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2024-11-22 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-34654 | 1 Taogogo | 1 Taocms | 2024-11-22 | 6.1 Medium |
| taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-2671 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-22 | 3.5 Low |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887. | ||||
| CVE-2023-2768 | 1 Sucms Project | 1 Sucms | 2024-11-22 | 3.5 Low |
| A vulnerability was found in Sucms 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_ads.php?action=add. The manipulation of the argument intro leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229274 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-3757 | 1 Gzscripts | 1 Car Rental Php Script | 2024-11-22 | 3.5 Low |
| A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234432. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7749 | 2 Remyandrade, Sourcecodester | 2 Accounts Manager App, Accounts Manager App | 2024-11-22 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument account_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-3787 | 1 Tiva Events Calendar Project | 1 Tiva Events Calendar | 2024-11-22 | 3.5 Low |
| A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235054 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-3829 | 1 Bugfinder | 1 Icogenie | 2024-11-22 | 3.5 Low |
| A vulnerability was found in Bug Finder ICOGenie 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/ticket/create of the component Support Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. VDB-235150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7948 | 2 Remyandrade, Sourcecodester | 2 Accounts Manager App, Accounts Manager App | 2024-11-22 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0. This vulnerability affects unknown code of the file update-account.php of the component Update Account Page. The manipulation of the argument Account Name/Username/Password/Link leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-28730 | 2 D-link, Dlink | 3 Dwr-2000m Firmware, Dwr-2000m, Dwr-2000m Firmware | 2024-11-22 | 4.6 Medium |
| Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. | ||||
| CVE-2023-3837 | 1 Dedebiz | 1 Dedebiz | 2024-11-22 | 2.4 Low |
| A vulnerability classified as problematic has been found in DedeBIZ 6.2.10. Affected is an unknown function of the file /admin/sys_sql_query.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7660 | 2 Remyandrade, Sourcecodester | 2 File Manager App, File Management App | 2024-11-22 | 3.5 Low |
| A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8337 | 2 Remyandrade, Sourcecodester | 2 Contact Manager With Export To Vcf, Contact Manager | 2024-11-22 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contact_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||