Export limit exceeded: 43825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13232 | 1 Projectsend | 1 Projectsend | 2026-02-24 | 3.5 Low |
| A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version r1945 is recommended to address this issue. Patch name: 334da1ea39cb12f6b6e98dd2f80bb033e0c7b845. It is advisable to upgrade the affected component. | ||||
| CVE-2025-13181 | 2 H3blog, Pojoin | 2 H3blog, H3blog | 2026-02-24 | 3.5 Low |
| A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-13058 | 1 Extplorer | 1 Extplorer | 2026-02-24 | 3.5 Low |
| A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue. | ||||
| CVE-2025-11433 | 1 Itsourcecode | 1 Leave Management System | 2026-02-24 | 3.5 Low |
| A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-11390 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-02-24 | 4.3 Medium |
| A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php of the component POST Parameter Handler. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-11332 | 1 Cmseasy | 1 Cmseasy | 2026-02-24 | 3.5 Low |
| A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHP_SELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11289 | 1 Westboy | 1 Cicadascms | 2026-02-24 | 2.4 Low |
| A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-12312 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2026-02-24 | 2.4 Low |
| A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2025-12311 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2026-02-24 | 2.4 Low |
| A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-12231 | 1 Projectworlds | 1 Expense Management System | 2026-02-24 | 2.4 Low |
| A security vulnerability has been detected in projectworlds Expense Management System 1.0. Affected is an unknown function of the file /public/admin/expense_categories/create of the component Expense Categories Page. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-12228 | 1 Projectworlds | 1 Expense Management System | 2026-02-24 | 2.4 Low |
| A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users Page. The manipulation leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-11512 | 2 Code-projects, Fabian | 2 Voting System, Voting System | 2026-02-24 | 4.3 Medium |
| A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/voters_add.php. The manipulation of the argument Firstname/Lastname/Platform results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-11425 | 1 Projectworlds | 1 Advanced Library Management System | 2026-02-24 | 2.4 Low |
| A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /edit_admin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Other parameters might be affected as well. | ||||
| CVE-2025-11421 | 2 Code-projects, Fabian | 2 Voting System, Voting System | 2026-02-24 | 3.5 Low |
| A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2025-11306 | 1 Qianfox | 1 Foxcms | 2026-02-24 | 4.3 Medium |
| A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component Search Page. The manipulation of the argument keyword results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-13484 | 1 Campcodes | 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System | 2026-02-24 | 2.4 Low |
| A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/customer-list.php. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-13182 | 2 H3blog, Pojoin | 2 H3blog, H3blog | 2026-02-24 | 3.5 Low |
| A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-12920 | 2 Foxcms, Qianfox | 2 Foxcms, Foxcms | 2026-02-24 | 2.4 Low |
| A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14991 | 1 Campcodes | 1 Complete Online Beauty Parlor Management System | 2026-02-24 | 2.4 Low |
| A weakness has been identified in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. Executing a manipulation of the argument fromdate can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-14962 | 2 Carmelo, Code-projects | 2 Simple Stock System, Simple Stock System | 2026-02-24 | 4.3 Medium |
| A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||