Export limit exceeded: 43893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43893 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36954 | 1 Xeroneit | 1 Library Management System | 2026-01-27 | 6.4 Medium |
| Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded. | ||||
| CVE-2026-24824 | 1 Yacy | 1 Yacy Search Server | 2026-01-27 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in yacy yacy_search_server (source/net/yacy/http/servlets modules). This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacy_search_server. | ||||
| CVE-2026-24620 | 2 Pluginops, Wordpress | 2 Landing Page Builder, Wordpress | 2026-01-27 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.3. | ||||
| CVE-2026-24584 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-01-27 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0. | ||||
| CVE-2026-24526 | 3 Steve Truman, Woocommerce, Wordpress | 3 Email Inquiry & Cart Options For Woocommerce, Woocommerce, Wordpress | 2026-01-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through <= 3.4.3. | ||||
| CVE-2026-22388 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through <= 2.2.2. | ||||
| CVE-2025-8113 | 2 Shopfiles, Wordpress | 2 Ebook Store, Wordpress | 2026-01-27 | 6.1 Medium |
| The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | ||||
| CVE-2024-25218 | 1 Code-projects | 1 Task Manager | 2026-01-27 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php. | ||||
| CVE-2024-25219 | 2 Code-projects, Task Manager App | 2 Task Manager, Task Manager App | 2026-01-27 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php. | ||||
| CVE-2024-25221 | 1 Code-projects | 1 Task Manager | 2026-01-27 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php. | ||||
| CVE-2025-69054 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through <= 2.8. | ||||
| CVE-2025-62077 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker allows Stored XSS.This issue affects Affiliate Link Tracker: from n/a through <= 0.2. | ||||
| CVE-2023-29639 | 1 Zhenfeng13 | 1 My Blog | 2026-01-27 | 5.4 Medium |
| Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString. | ||||
| CVE-2023-29636 | 1 Zhenfeng13 | 1 My Blog | 2026-01-27 | 5.4 Medium |
| Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString. | ||||
| CVE-2012-2571 | 1 Winwebmail | 1 Winwebmail Server | 2026-01-27 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element. | ||||
| CVE-2023-43944 | 1 Oretnom23 | 1 Task Management System | 2026-01-27 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list. | ||||
| CVE-2022-28975 | 1 Infoblox | 1 Nios | 2026-01-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. | ||||
| CVE-2025-11687 | 1 Gnome | 1 Gi-docgen | 2026-01-27 | 6.1 Medium |
| A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS). | ||||
| CVE-2020-36956 | 1 Igniterealtime | 1 Openfire | 2026-01-27 | 6.4 Medium |
| Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page. | ||||
| CVE-2020-36960 | 1 Formalms | 1 Formalms | 2026-01-27 | 6.4 Medium |
| Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitrary JavaScript when the profile is viewed by other users. | ||||