Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34562 | 1 Phpfox | 1 Phpfox | 2025-04-22 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box. | |||||
| CVE-2024-7068 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272349 was assigned to this vulnerability. | |||||
| CVE-2024-7916 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the argument Nominee-Client ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8209 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8208 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-54775 | 1 Dcatadmin | 1 Dcat Admin | 2025-04-22 | N/A | 4.8 MEDIUM |
| Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions. | |||||
| CVE-2024-56314 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |||||
| CVE-2024-56313 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |||||
| CVE-2024-56312 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |||||
| CVE-2022-46381 | 1 Niceforyou | 2 Linear Emerge E3 Access Control, Linear Emerge E3 Access Control Firmware | 2025-04-22 | N/A | 6.1 MEDIUM |
| Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. | |||||
| CVE-2022-46058 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | N/A | 4.8 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | |||||
| CVE-2022-44303 | 1 Resque-scheduler Project | 1 Resque-scheduler | 2025-04-22 | N/A | 6.1 MEDIUM |
| Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side. | |||||
| CVE-2022-43996 | 1 Csaf Provider Project | 1 Csaf Provider | 2025-04-22 | N/A | 5.4 MEDIUM |
| The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory. | |||||
| CVE-2024-2145 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-31913 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 3.5 LOW | 4.8 MEDIUM |
| Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | |||||
| CVE-2023-3143 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012. | |||||
| CVE-2021-33371 | 1 Kabir-m-alhasan | 1 Student Management System | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. | |||||
| CVE-2023-3144 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability. | |||||
| CVE-2024-25854 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket. | |||||
| CVE-2023-51318 | 1 Phpjabbers | 1 Bus Reservation System | 2025-04-22 | N/A | 5.4 MEDIUM |
| PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | |||||