Lucene search
K

241 matches found

CNVD
CNVD
added 2025/06/11 12:0 a.m.1 views

WordPress Easy Digital Downloads plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Easy Digital Downloads plugin, which stems from the application's lack of effective filtering and escaping of...

6.4CVSS6.4AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:45 a.m.8 views

CVE-2024-25292

Cross-site scripting XSS vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter...

9.6CVSS6AI score0.01485EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:41 a.m.9 views

CVE-2024-25434

A cross-site scripting XSS vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...

5.4CVSS5.8AI score0.00406EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:55 a.m.7 views

CVE-2024-42904

A cross-site scripting XSS vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...

6.1CVSS5.9AI score0.00315EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.5 views

CVE-2024-55227

A cross-site scripting XSS vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter...

9CVSS8AI score0.00585EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.6 views

CVE-2024-40734

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/...

6.1CVSS5.9AI score0.004EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:23 a.m.11 views

CVE-2023-43319

Cross Site Scripting XSS vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

6.1CVSS6AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.7 views

CVE-2023-36942

A cross-site scripting XSS vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field...

6.1CVSS5.8AI score0.0048EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.10 views

CVE-2023-34657

A stored cross-site scripting XSS vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the webrecordnum parameter...

4.8CVSS5.6AI score0.00351EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.5 views

CVE-2023-34637

A stored cross-site scripting XSS vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title parameter in the IsarFlow Portal...

5.4CVSS5.4AI score0.00343EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:42 a.m.7 views

CVE-2023-30417

A cross-site scripting XSS vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message...

5.4CVSS5.8AI score0.004EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:22 a.m.6 views

CVE-2023-24769

Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection...

5.4CVSS5.8AI score0.00631EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.7 views

CVE-2023-24232

A stored cross-site scripting XSS vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...

4.8CVSS5.5AI score0.0048EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:14 a.m.6 views

CVE-2022-41445

A cross-site scripting XSS vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page...

4.8CVSS5.7AI score0.01015EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:6 a.m.5 views

CVE-2022-25575

Multiple cross-site scripting XSS vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes...

6.1CVSS6.2AI score0.00631EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/23 12:0 a.m.14 views

CVE-2024-51108

Multiple stored cross-site scripting XSS vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate...

0.00209EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:5 p.m.5 views

CVE-2022-34619

A stored cross-site scripting XSS vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field...

5.4CVSS5.5AI score0.0069EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.7 views

CVE-2022-28985

A stored cross-site scripting XSS vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

6.3CVSS5.5AI score0.00483EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:42 p.m.7 views

CVE-2022-28980

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix...

6.1CVSS6.2AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:42 p.m.5 views

CVE-2022-28589

A stored cross-site scripting XSS vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=addnew...

4.8CVSS5.6AI score0.00545EPSS
Exploits1References1
Rows per page
Query Builder