Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23015 | 1 Kalkun Project | 1 Kalkun | 2025-04-03 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php.
|
|||||
| CVE-2023-23014 | 1 Inventory System Project | 1 Inventory System | 2025-04-03 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.
|
|||||
| CVE-2023-23012 | 1 Classroombookings | 1 Classroombookings | 2025-04-03 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.
|
|||||
| CVE-2023-23010 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2025-04-03 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php.
|
|||||
| CVE-2022-40034 | 1 Javaweb Blog Project | 1 Javaweb Blog | 2025-04-03 | N/A | 5.4 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.
|
|||||
| CVE-2020-24901 | 1 Krpano | 1 Krpano | 2025-04-03 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin[test].url.
|
|||||
| CVE-2024-31061 | 1 Munyweki | 1 Insurance Management System | 2025-04-03 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field.
|
|||||
| CVE-2024-13074 | 1 Phpgurukul | 1 Land Record System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-56237 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-03 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 24.0.3.
|
|||||
| CVE-2023-4250 | 1 Metagauss | 1 Eventprime | 2025-04-03 | N/A | 6.1 MEDIUM |
|
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
|
|||||
| CVE-2025-2049 | 1 Code-projects | 1 Blood Bank System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file AB+.php. The manipulation of the argument Bloodname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2047 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument search leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-1967 | 1 Blood Bank Management System Project | 1 Blood Bank Management System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-1957 | 1 Code-projects | 1 Blood Bank System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-22547 | 1 Wayos | 2 Ibr-7150, Ibr-7150 Firmware | 2025-04-03 | N/A | 4.7 MEDIUM |
|
WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2024-25369 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-04-03 | N/A | 5.4 MEDIUM |
|
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter.
|
|||||
| CVE-2024-2130 | 1 Codeworkweb | 1 Cww Companion | 2025-04-03 | N/A | 6.4 MEDIUM |
|
The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-42308 | 1 Code-projects | 1 Exam Form Submission | 2025-04-03 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" Section.
|
|||||
| CVE-2024-24097 | 1 Code-projects | 1 Scholars Tracking System | 2025-04-03 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed.
|
|||||
| CVE-2024-12982 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2025-04-03 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-30349 | 2025-04-03 | N/A | 7.2 HIGH | ||
|
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.
|
|||||
| CVE-2023-1030 | 1 Online Boat Reservation System Project | 1 Online Boat Reservation System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in SourceCodester/code-projects Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2003-1554 | 1 Scoznet | 1 Scozbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.
|
|||||
| CVE-2005-4190 | 1 Horde | 1 Horde Application Framework | 2025-04-03 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
|
|||||
| CVE-2005-0251 | 1 Guillaumegardey | 1 Biborb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.
|
|||||
| CVE-2005-3047 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.
|
|||||
| CVE-2005-0896 | 1 Accomplishtechnology | 1 Phpmydirectory | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.
|
|||||
| CVE-2006-1760 | 1 Jetphotosoft.com | 1 Jetphoto | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php.
|
|||||
| CVE-2006-0533 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
|
|||||
| CVE-2006-4712 | 1 Sage | 1 Sage | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
|
|||||
| CVE-2004-1924 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki ...
Show More |
|||||
| CVE-2002-2378 | 1 Nakata | 1 An Httpd | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.
|
|||||
| CVE-2002-2362 | 1 Sourceforge | 1 Mymarket | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter.
|
|||||
| CVE-2006-1230 | 1 Belchior Foundry | 1 Vcard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
|
|||||
| CVE-2003-1371 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules.
|
|||||
| CVE-2002-2330 | 1 Uninet | 1 Statsplus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers.
|
|||||
| CVE-2006-3138 | 1 Accomplishtechnology | 1 Phpmydirectory | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.
|
|||||
| CVE-2003-0310 | 1 Ez | 1 Ez Publish | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.
|
|||||
| CVE-2006-3211 | 1 Cjguestbook Project | 1 Cjguestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter.
|
|||||
| CVE-2004-2735 | 1 Fredric Fredricson | 1 P4db | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7) EXLABEL, (8) STATUS, (9) MAXCH, (10) FIRSTCH, (11) CHOFFSETDISP, (12) SEARCHDESC, (13) SEARCH_INVERT, (14) USER, (15) GROUP, and (16) CLIENT parameters in changeList.cgi; (17) CH parameter i ...
Show More |
|||||