Total
37565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4250 | 1 Metagauss | 1 Eventprime | 2025-04-03 | N/A | 6.1 MEDIUM |
| The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2025-0295 | 1 Code-projects | 1 Online Book Shop | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulation of the argument subcatnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2049 | 1 Code-projects | 1 Blood Bank System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file AB+.php. The manipulation of the argument Bloodname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2047 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument search leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1967 | 1 Blood Bank Management System Project | 1 Blood Bank Management System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /user_dashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1957 | 1 Code-projects | 1 Blood Bank System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /BBfile/Blood/o+.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1935 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 4.3 MEDIUM |
| A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2024-22547 | 1 Wayos | 2 Ibr-7150, Ibr-7150 Firmware | 2025-04-03 | N/A | 4.7 MEDIUM |
| WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2024-25369 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-04-03 | N/A | 5.4 MEDIUM |
| A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter. | |||||
| CVE-2024-2130 | 1 Codeworkweb | 1 Cww Companion | 2025-04-03 | N/A | 6.4 MEDIUM |
| The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-42308 | 1 Code-projects | 1 Exam Form Submission | 2025-04-03 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the "Subject Name" and "Subject Code" Section. | |||||
| CVE-2024-24097 | 1 Code-projects | 1 Scholars Tracking System | 2025-04-03 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed. | |||||
| CVE-2024-12982 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2025-04-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-30349 | 2025-04-03 | N/A | 7.2 HIGH | ||
| Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025. | |||||
| CVE-2023-1030 | 1 Online Boat Reservation System Project | 1 Online Boat Reservation System | 2025-04-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in SourceCodester/code-projects Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2006-1760 | 1 Jetphotosoft.com | 1 Jetphoto | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. | |||||
| CVE-2003-0801 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. | |||||
| CVE-2004-2738 | 1 Zeroboard | 1 Zeroboard | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | |||||
| CVE-2003-1353 | 1 Lanifex | 1 Outreach Project Tool | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field. | |||||
| CVE-2004-2701 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter. | |||||