Export limit exceeded: 45471 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45471 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41351 | 1 Baijunyao | 2 Bjyadmin, Thinkphp-bjyadmin | 2024-09-04 | 6.1 Medium |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php | ||||
| CVE-2024-41350 | 1 Baijunyao | 2 Bjyadmin, Thinkphp-bjyadmin | 2024-09-04 | 6.1 Medium |
| bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php | ||||
| CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | ||||
| CVE-2024-8004 | 2 3ds, Dassault | 4 3dexperience Enovia, 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 and 1 more | 2024-09-04 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-7938 | 2 3ds, Dassault | 3 3dexperience, 3dswymer 3dexperience 2023, 3dswymer 3dexperience 2024 | 2024-09-04 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-38858 | 1 Checkmk | 1 Checkmk | 2024-09-04 | 6.1 Medium |
| Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | ||||
| CVE-2024-43921 | 1 Magic-post-thumbnail | 1 Magic Post Thumbnail | 2024-09-04 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9. | ||||
| CVE-2024-43920 | 1 Jegstudio | 1 Gutenverse | 2024-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS.This issue affects Gutenverse: from n/a through 1.9.4. | ||||
| CVE-2024-8366 | 1 Code-projects | 1 Pharmacy Management System | 2024-09-04 | 4.3 Medium |
| A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7942 | 2 Rems, Sourcecodester | 2 Leads Manager Tool, Leads Manager Tool | 2024-09-03 | 3.5 Low |
| A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phone_number leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41697 | 1 Priority-software | 1 Priority | 2024-09-03 | 6.1 Medium |
| Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | ||||
| CVE-2024-41241 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-09-03 | 4.8 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | ||||
| CVE-2024-40473 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-09-03 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields. | ||||
| CVE-2024-44778 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | 7.4 High |
| A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
| CVE-2024-44779 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | 7.4 High |
| A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
| CVE-2024-44777 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | 7.4 High |
| A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
| CVE-2024-43964 | 1 Dsgvo-for-wp | 1 Dsgvo All In One For Wp | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Leithold DSGVO All in one for WP allows Stored XSS.This issue affects DSGVO All in one for WP: from n/a through 4.5. | ||||
| CVE-2024-43396 | 1 Khoj | 1 Khoj | 2024-09-03 | 5.4 Medium |
| Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0. | ||||
| CVE-2024-7814 | 2 Codeastro, Online Railway Reservation System Project | 2 Online Railway Reservation System, Online Railway Reservation System | 2024-09-03 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43949 | 1 Automattic | 2 Ghacitivity, Ghactivity | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha. | ||||