Search Results (47295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-46429 1 Tenda 2 W18e, W18e Firmware 2025-03-28 8.8 High
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
CVE-2022-44028 1 Netscout 1 Ngeniusone 2025-03-28 6.1 Medium
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6.
CVE-2022-44027 1 Netscout 1 Ngeniusone 2025-03-28 6.1 Medium
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6.
CVE-2022-44026 1 Netscout 1 Ngeniusone 2025-03-28 7.1 High
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6.
CVE-2024-12772 1 Wpmanageninja 1 Ninja Tables 2025-03-28 6.1 Medium
The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.
CVE-2024-57175 1 Phpgurukul 1 Online Birth Certificate System 2025-03-28 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.
CVE-2024-25898 1 Churchcrm 1 Churchcrm 2025-03-28 6.1 Medium
A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php.
CVE-2023-22971 1 Hughes 10 Hn7000s, Hn7000s Firmware, Hn9460 and 7 more 2025-03-28 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.
CVE-2022-48013 1 Opencats 1 Opencats 2025-03-28 5.4 Medium
Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields.
CVE-2022-48012 1 Opencats 1 Opencats 2025-03-28 6.1 Medium
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.
CVE-2022-48007 1 Piwigo 1 Piwigo 2025-03-28 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.
CVE-2024-44918 1 Seacms 1 Seacms 2025-03-28 3.5 Low
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-36871 1 Codecabin 1 Wp Go Maps 2025-03-28 5.5 Medium
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.
CVE-2021-36872 1 Wordpress Popular Posts Project 1 Wordpress Popular Posts 2025-03-28 5.5 Medium
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].
CVE-2021-36873 1 Webence 1 Iq Block Country 2025-03-28 5.5 Medium
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
CVE-2021-36841 1 Yithemes 1 Yith Maintenance Mode 2025-03-28 6.9 Medium
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration.
CVE-2021-36845 1 Yithemes 1 Yith Maintenance Mode 2025-03-28 6.9 Medium
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered while admin visits this page/tab. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin.
CVE-2024-29474 1 Zhyd 1 Oneblog 2025-03-28 5.4 Medium
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.
CVE-2024-29470 1 Zhyd 1 Oneblog 2025-03-28 6.1 Medium
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.
CVE-2021-36869 1 Ivorysearch 1 Ivory Search 2025-03-28 4.8 Medium
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.