Search Results (47135 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-4721 1 Campcodes 1 Complete Web-based School Management System 2025-02-20 3.5 Low
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/add_student_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263799.
CVE-2025-1196 1 Fabian 1 Real Estate Property Management System 2025-02-20 3.5 Low
A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-1195 1 Fabian 1 Real Estate Property Management System 2025-02-20 3.5 Low
A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2021-36920 1 Wpchill 1 Download Monitor 2025-02-20 4.8 Medium
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).
CVE-2021-23174 1 Wpchill 1 Download Monitor 2025-02-20 3.4 Low
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0].
CVE-2022-23980 1 Yet Another Stars Rating Project 1 Yet Another Stars Rating 2025-02-20 4.7 Medium
Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter 'source'.
CVE-2021-26256 1 Ays-pro 1 Survey Maker 2025-02-20 4.7 Medium
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).
CVE-2022-25601 2 Fedoraproject, Plugin-planet 2 Fedora, Contact Form X 2025-02-20 4.7 Medium
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).
CVE-2022-25603 1 Maxfoundry 1 Maxgalleria 2025-02-20 4.8 Medium
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).
CVE-2022-25604 1 Price Table Project 1 Price Table 2025-02-20 4.1 Medium
Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2).
CVE-2022-25605 1 Wp-downloadmanager Project 1 Wp-downloadmanager 2025-02-20 4.8 Medium
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url.
CVE-2022-25609 1 Yooslider 1 Yoo Slider 2025-02-20 5.4 Medium
Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code.
CVE-2022-25606 1 Wp-downloadmanager Project 1 Wp-downloadmanager 2025-02-20 4.8 Medium
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories.
CVE-2022-25610 1 Plugin-planet 1 Simple Ajax Chat 2025-02-20 3.4 Low
Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.
CVE-2022-25611 1 Presstigers 1 Simple Event Planner 2025-02-20 4.1 Medium
Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].
CVE-2022-25612 1 Presstigers 1 Simple Event Planner 2025-02-20 4.1 Medium
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].
CVE-2022-25618 1 Tms-outsource 1 Wpdatatables Lite 2025-02-20 3.4 Low
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27
CVE-2021-36851 1 Web-settler 1 Testimonial Slider 2025-02-20 4.1 Medium
Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color.
CVE-2021-36910 1 Wp-appbox Project 1 Wp-appbox 2025-02-20 3.4 Low
Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20.
CVE-2021-36848 1 Sharethis 1 Social Media Feather 2025-02-20 3.4 Low
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4