Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57522 | 1 Oretnom23 | 1 Packers And Movers Management System | 2025-04-22 | N/A | 6.4 MEDIUM |
|
SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.
|
|||||
| CVE-2022-46904 | 1 Websoft | 1 Websoft Hcm | 2025-04-22 | N/A | 5.4 MEDIUM |
|
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS.
|
|||||
| CVE-2022-46903 | 1 Websoft | 1 Websoft Hcm | 2025-04-22 | N/A | 5.4 MEDIUM |
|
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS.
|
|||||
| CVE-2022-46905 | 1 Websoft | 1 Websoft Hcm | 2025-04-22 | N/A | 6.1 MEDIUM |
|
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.
|
|||||
| CVE-2024-40069 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.4 MEDIUM |
|
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'.
|
|||||
| CVE-2024-40074 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 4.8 MEDIUM |
|
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.
|
|||||
| CVE-2024-28276 | 1 Rems | 1 School Task Manager | 2025-04-22 | N/A | 6.1 MEDIUM |
|
Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=.
|
|||||
| CVE-2024-34230 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter.
|
|||||
| CVE-2024-34231 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 7.1 HIGH |
|
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter.
|
|||||
| CVE-2024-33304 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 6.1 MEDIUM |
|
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users.
|
|||||
| CVE-2024-33306 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 7.4 HIGH |
|
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User.
|
|||||
| CVE-2024-33307 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 5.4 MEDIUM |
|
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User.
|
|||||
| CVE-2024-33302 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 5.3 MEDIUM |
|
SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users.
|
|||||
| CVE-2024-33303 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 8.2 HIGH |
|
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users.
|
|||||
| CVE-2022-42141 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2025-04-22 | N/A | 5.4 MEDIUM |
|
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.
|
|||||
| CVE-2022-31358 | 1 Proxmox | 1 Virtual Environment | 2025-04-22 | N/A | 9.0 CRITICAL |
|
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.
|
|||||
| CVE-2024-33305 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
|
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User.
|
|||||
| CVE-2022-34560 | 1 Phpfox | 1 Phpfox | 2025-04-22 | N/A | 7.1 HIGH |
|
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.
|
|||||
| CVE-2022-34561 | 1 Phpfox | 1 Phpfox | 2025-04-22 | N/A | 4.3 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter.
|
|||||
| CVE-2022-34562 | 1 Phpfox | 1 Phpfox | 2025-04-22 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box.
|
|||||
| CVE-2024-7068 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272349 was assigned to this vulnerability.
|
|||||
| CVE-2024-7916 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the argument Nominee-Client ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any ...
Show More |
|||||
| CVE-2024-8209 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-8208 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-54775 | 1 Dcatadmin | 1 Dcat Admin | 2025-04-22 | N/A | 4.8 MEDIUM |
|
Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.
|
|||||
| CVE-2024-56314 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
|
|||||
| CVE-2024-56313 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
|
|||||
| CVE-2024-56312 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
|
|||||
| CVE-2022-46381 | 1 Niceforyou | 2 Linear Emerge E3 Access Control, Linear Emerge E3 Access Control Firmware | 2025-04-22 | N/A | 6.1 MEDIUM |
|
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
|
|||||
| CVE-2022-46058 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | N/A | 4.8 MEDIUM |
|
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
|
|||||
| CVE-2022-44303 | 1 Resque-scheduler Project | 1 Resque-scheduler | 2025-04-22 | N/A | 6.1 MEDIUM |
|
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side.
|
|||||
| CVE-2022-43996 | 1 Csaf Provider Project | 1 Csaf Provider | 2025-04-22 | N/A | 5.4 MEDIUM |
|
The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory.
|
|||||
| CVE-2024-2145 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-31913 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 3.5 LOW | 4.8 MEDIUM |
|
Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name.
|
|||||
| CVE-2021-33371 | 1 Kabir-m-alhasan | 1 Student Management System | 2025-04-22 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.
|
|||||
| CVE-2024-25854 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket.
|
|||||
| CVE-2024-41375 | 1 Icecoder | 1 Icecoder | 2025-04-22 | N/A | 6.1 MEDIUM |
|
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php
|
|||||
| CVE-2024-41374 | 1 Icecoder | 1 Icecoder | 2025-04-22 | N/A | 6.1 MEDIUM |
|
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php
|
|||||
| CVE-2025-25958 | 1 Phpcms | 1 Phpcms | 2025-04-22 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script.
|
|||||
| CVE-2025-25960 | 1 Phpcms | 1 Phpcms | 2025-04-22 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator.
|
|||||