Filtered by CWE-79
Total 45293 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-4250 1 Metagauss 1 Eventprime 2025-04-03 6.1 Medium
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2025-2049 1 Code-projects 1 Blood Bank System 2025-04-03 3.5 Low
A vulnerability classified as problematic has been found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file AB+.php. The manipulation of the argument Bloodname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2047 1 Phpgurukul 1 Art Gallery Management System 2025-04-03 3.5 Low
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument search leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1967 1 Blood Bank Management System Project 1 Blood Bank Management System 2025-04-03 3.5 Low
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1957 1 Code-projects 1 Blood Bank System 2025-04-03 3.5 Low
A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-22547 1 Wayos 2 Ibr-7150, Ibr-7150 Firmware 2025-04-03 4.7 Medium
WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).
CVE-2024-25369 1 Thedaylightstudio 1 Fuel Cms 2025-04-03 6.1 Medium
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter.
CVE-2023-42308 1 Code-projects 1 Exam Form Submission 2025-04-03 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" Section.
CVE-2024-24097 1 Code-projects 1 Scholars Tracking System 2025-04-03 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed.
CVE-2024-12982 1 Phpgurukul 1 Blood Bank \& Donor Management System 2025-04-03 2.4 Low
A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-38110 1 Solarwinds 1 Database Performance Analyzer 2025-04-03 5.4 Medium
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVE-2023-1030 1 Online Boat Reservation System Project 1 Online Boat Reservation System 2025-04-03 3.5 Low
A vulnerability has been found in SourceCodester/code-projects Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-37798 1 Phpgurukul 1 Beauty Parlour Management System 2025-04-03 5.9 Medium
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field.
CVE-2024-34796 1 Accessally 1 Popupally 2025-04-03 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1.
CVE-2025-27914 1 Zimbra 1 Collaboration 2025-04-02 5.4 Medium
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token and involves a crafted URL with manipulated query parameters that triggers XSS when accessed by a victim.
CVE-2024-22880 1 Zadarma 1 Zadarma 2025-04-02 4.7 Medium
Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component.
CVE-2024-57348 1 Pecanproject 1 Pecan 2025-04-02 6.1 Medium
Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters.
CVE-2024-25876 1 Enhavo 1 Enhavo 2025-04-02 6.1 Medium
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
CVE-2024-25875 1 Enhavo 1 Enhavo 2025-04-02 6.1 Medium
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.
CVE-2024-25874 1 Enhavo 1 Enhavo 2025-04-02 5.4 Medium
A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.