Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12932 | 1 Code-projects | 1 Simple Admin Panel | 2025-04-03 | N/A | 4.6 MEDIUM |
| A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file addSizeController.php. The manipulation of the argument size leads to cross site scripting. The attack can be launched remotely. | |||||
| CVE-2024-12930 | 1 Code-projects | 1 Simple Admin Panel | 2025-04-03 | N/A | 4.6 MEDIUM |
| A vulnerability was found in code-projects Simple Admin Panel 1.0 and classified as problematic. This issue affects some unknown processing of the file addCatController.php. The manipulation of the argument c_name leads to cross site scripting. The attack may be initiated remotely. | |||||
| CVE-2024-12933 | 1 Code-projects | 1 Simple Admin Panel | 2025-04-03 | N/A | 5.4 MEDIUM |
| A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file updateItemController.php. The manipulation of the argument p_name/p_desc leads to cross site scripting. The attack may be launched remotely. | |||||
| CVE-2024-13019 | 1 Code-projects | 1 Chat System | 2025-04-03 | N/A | 4.6 MEDIUM |
| A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. | |||||
| CVE-2022-45557 | 2 Apple, Left Project | 2 Macos, Left | 2025-04-03 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names. | |||||
| CVE-2008-3937 | 1 Opendb | 1 Opendb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php. | |||||
| CVE-2022-45539 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file. | |||||
| CVE-2022-45538 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL". | |||||
| CVE-2022-45537 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL". | |||||
| CVE-2022-45541 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | |||||
| CVE-2008-3935 | 1 D-ic | 2 Shop V50, Shop V52 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2023-22910 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | N/A | 5.4 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability. | |||||
| CVE-2022-45558 | 2 Apple, Left Project | 2 Macos, Left | 2025-04-03 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag. | |||||
| CVE-2022-45542 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 5.4 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | |||||
| CVE-2022-45540 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | |||||
| CVE-2023-23010 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2025-04-03 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php. | |||||
| CVE-2023-23024 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-03 | N/A | 6.1 MEDIUM |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter. | |||||
| CVE-2007-5817 | 1 Contentcustomizer | 1 Contentcustomizer | 2025-04-03 | 4.3 MEDIUM | N/A |
| dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks. | |||||
| CVE-2023-23012 | 1 Classroombookings | 1 Classroombookings | 2025-04-03 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php. | |||||
| CVE-2023-23014 | 1 Inventory System Project | 1 Inventory System | 2025-04-03 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php. | |||||