Total
45264 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36773 | 1 Monstra | 2 Monstra, Monstra Cms | 2025-02-13 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php. | ||||
| CVE-2024-34913 | 2 Rubinchu, Technocking | 2 R-pan-scaffolding, R-pan-scaffolding | 2025-02-13 | 5.4 Medium |
| An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2024-34909 | 1 Kykms | 1 Kykms | 2025-02-13 | 9.8 Critical |
| An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2024-34906 | 1 Dootask | 1 Dootask | 2025-02-13 | 6.3 Medium |
| An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2024-30889 | 2 Audimex, Web-audimex | 2 Audimexee, Audimexee | 2025-02-13 | 5.4 Medium |
| Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters. | ||||
| CVE-2024-5933 | 1 Lollms | 1 Lollms Web Ui | 2025-02-13 | 5.4 Medium |
| A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser. | ||||
| CVE-2020-29444 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-02-12 | 5.4 Medium |
| Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters. | ||||
| CVE-2024-53962 | 1 Adobe | 1 Experience Manager | 2025-02-12 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-0530 | 2025-02-12 | 3.5 Low | ||
| A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation of the argument type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0800 | 1 Argie | 1 Online Courseware | 2025-02-12 | 2.4 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0806 | 1 Anisha | 1 Job Recruitment | 2025-02-12 | 4.3 Medium |
| A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as problematic. This issue affects some unknown processing of the file _call_job_search_ajax.php. The manipulation of the argument job_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-1703 | 1 Pimcore | 1 Pimcore | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. | ||||
| CVE-2023-1704 | 1 Pimcore | 1 Pimcore | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20. | ||||
| CVE-2022-37462 | 1 Upstreamworks | 1 Upstream Works On Finesse | 2025-02-12 | 5.4 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details. | ||||
| CVE-2024-35218 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | 4.2 Medium |
| Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer. | ||||
| CVE-2024-1700 | 1 Keerti1924 | 1 Php Mysql User Signup Login System | 2025-02-12 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument username with the input <script>alert("xss")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-26291 | 1 Forcepoint | 2 Cloud Security Gateway, Web Security | 2025-02-12 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | ||||
| CVE-2023-1701 | 1 Pimcore | 1 Pimcore | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20. | ||||
| CVE-2023-1702 | 1 Pimcore | 1 Pimcore | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. | ||||
| CVE-2023-2516 | 1 Teampass | 1 Teampass | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | ||||