Total
45294 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3776 | 1 Netvision | 1 Airpass | 2025-04-08 | 6.1 Medium |
| The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks. | ||||
| CVE-2022-45729 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-04-08 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. | ||||
| CVE-2022-45728 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-04-08 | 6.1 Medium |
| Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-3573 | 2 Abb, Gitlab | 2 Drive Composer, Gitlab | 2025-04-08 | 5.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. | ||||
| CVE-2024-28404 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-08 | 8 High |
| TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | ||||
| CVE-2024-27703 | 1 Leantime | 1 Leantime | 2025-04-08 | 5.4 Medium |
| Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter. | ||||
| CVE-2024-27477 | 1 Leantime | 1 Leantime | 2025-04-08 | 6.1 Medium |
| In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks. | ||||
| CVE-2024-22718 | 1 Formtools | 1 Form Tools | 2025-04-08 | 9.6 Critical |
| Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL. | ||||
| CVE-2024-22717 | 1 Formtools | 1 Form Tools | 2025-04-08 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. | ||||
| CVE-2024-29220 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-08 | 6.1 Medium |
| Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. | ||||
| CVE-2024-26019 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-08 | 5.4 Medium |
| Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. | ||||
| CVE-2022-46622 | 1 Judging Management System Project | 1 Judging Management System | 2025-04-08 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | ||||
| CVE-2022-46503 | 1 Online Student Enrollment System Project | 1 Online Student Enrollment System | 2025-04-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter. | ||||
| CVE-2024-28402 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-08 | 5.9 Medium |
| TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | ||||
| CVE-2022-42967 | 1 Caret | 1 Caret | 2025-04-08 | 7.5 High |
| Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution. | ||||
| CVE-2022-47102 | 1 Phpgurukul | 1 Student Study Center Management System | 2025-04-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||
| CVE-2022-46438 | 1 Douco | 1 Douphp | 2025-04-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. | ||||
| CVE-2024-26481 | 1 Getkirby | 1 Kirby | 2025-04-08 | 4.7 Medium |
| Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter. | ||||
| CVE-2022-46369 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields. | ||||
| CVE-2022-39187 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. | ||||