Search Results (44766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9214 | | | 2024-10-25 | 6.1 Medium |
| The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file in all versions up to, and including, 1.2.133 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-48539 | 1 Netdvr | 1 Neye3c | 2024-10-25 | 9.8 Critical |
| Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. | ||||
| CVE-2024-9650 | 1 Bootstrapped | 1 Wp Recipe Maker | 2024-10-25 | 6.5 Medium |
| The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-48656 | 2 Angeljudesuarez, Itsourcecode | 2 Student Management System, Student Management System | 2024-10-24 | 5.4 Medium |
| Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. | ||||
| CVE-2024-10286 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to. | ||||
| CVE-2024-10289 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName. | ||||
| CVE-2024-10288 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName. | ||||
| CVE-2024-10287 | 1 Ujangrohidin | 1 Localserver | 2024-10-24 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName. | ||||
| CVE-2024-46482 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2024-10-23 | 8.2 High |
| An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file. | ||||
| CVE-2024-10197 | 1 Code-projects | 1 Pharmacy Management System | 2024-10-23 | 2.4 Low |
| A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-25284 | 1 3dsecure | 1 3dsecure | 2024-10-22 | 5.4 Medium |
| DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-25283 | 1 3dsecure | 1 3dsecure | 2024-10-22 | 5.4 Medium |
| DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-25282 | 1 3dsecure | 1 3dsecure | 2024-10-22 | 5.4 Medium |
| DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-46237 | 1 Phpgurukul | 1 Hospital Management System | 2024-10-22 | 4.8 Medium |
| PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. | ||||
| CVE-2024-10142 | 1 Code-projects | 1 Blood Bank System | 2024-10-22 | 3.5 Low |
| A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9848 | 1 K2-service | 1 Product Customizer Light | 2024-10-22 | 6.4 Medium |
| The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-10055 | 1 Ninjateam | 1 Click To Chat | 2024-10-22 | 6.4 Medium |
| The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10080 | 1 Newsignature | 1 Wp Easy Post Types | 2024-10-22 | 6.4 Medium |
| The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-9452 | 1 Gurieveugen&vitaliyshebela | 1 Branding | 2024-10-22 | 6.4 Medium |
| The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-9892 | 1 Arelthiaphillips | 1 Add Widget After Content | 2024-10-22 | 4.4 Medium |
| The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||