Total: 45238 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12783 | 1 Angeljudesuarez | 1 Vehicle Management System | 2025-01-10 | 3.5 Low |
| A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12883 | 1 Anisha | 1 Job Recruitment | 2025-01-10 | 4.3 Medium |
| A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13137 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 2.4 Low |
| A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-32685 | 1 Kanboard | 1 Kanboard | 2025-01-10 | 4.4 Medium |
| Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29. | ||||
| CVE-2023-33186 | 1 Zulip | 1 Zulip Server | 2025-01-10 | 8.2 High |
| Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker. | ||||
| CVE-2025-0228 | 1 Code-projects | 1 Local Storage Todo App | 2025-01-10 | 2.4 Low |
| A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41752 | 1 Ibm | 1 Cognos Analytics | 2025-01-10 | 5.4 Medium |
| IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2024-25042 | 1 Ibm | 1 Cognos Analytics | 2025-01-10 | 5.4 Medium |
| IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. | ||||
| CVE-2023-23718 | 1 Page Loading Effects Project | 1 Page Loading Effects | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions. | ||||
| CVE-2023-22680 | 1 Altanic | 1 No Api Amazon Affiliate | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Altanic No API Amazon Affiliate plugin <= 4.2.2 versions. | ||||
| CVE-2022-47592 | 1 Magicform Project | 1 Magicform | 2025-01-10 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperman MagicForm plugin <= 0.1 versions. | ||||
| CVE-2022-47591 | 1 Map Multi Marker Project | 1 Map Multi Marker | 2025-01-10 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions. | ||||
| CVE-2022-42485 | 1 Galaxyweblinks | 1 Gallery With Thumbnail Slider | 2025-01-10 | 5.4 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galaxy Weblinks Gallery with thumbnail slider plugin <= 6.0 versions. | ||||
| CVE-2022-41785 | 1 Robogallery | 1 Gallery Images Ape | 2025-01-10 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions. | ||||
| CVE-2022-45843 | 1 Nextendweb | 1 Smart Slider 3 | 2025-01-10 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions. | ||||
| CVE-2022-44742 | 1 Community Events Project | 1 Community Events | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions. | ||||
| CVE-2023-28422 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6 versions. | ||||
| CVE-2022-47431 | 1 Tussendoor | 1 Open Rdw Kenteken Voertuiginformatie | 2025-01-10 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions. | ||||
| CVE-2023-22716 | 1 Oopspam | 1 Oopspam Anti-spam | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions. | ||||
| CVE-2023-22712 | 1 Templatesnext | 1 Templatesnext Toolkit | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TemplatesNext TemplatesNext ToolKit plugin <= 3.2.7 versions. | ||||