Total
37758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-28679 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. | |||||
CVE-2024-28680 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php. | |||||
CVE-2024-28683 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file. | |||||
CVE-2024-1437 | 1 Adsplugin | 1 Adsmonetizer | 2025-04-01 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in José Fernandez Adsmonetizer allows Reflected XSS. This issue affects Adsmonetizer: from n/a through 3.1.2. | |||||
CVE-2024-28671 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 8.8 HIGH |
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php. | |||||
CVE-2024-28676 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 6.1 MEDIUM |
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php. | |||||
CVE-2024-51938 | 1 Nicheaddons | 1 Charity Addon For Elementor | 2025-03-31 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows DOM-Based XSS. This issue affects Charity Addon for Elementor: from n/a through 1.3.2. | |||||
CVE-2024-10515 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2025-03-31 | N/A | 3.5 LOW |
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor. | |||||
CVE-2024-51209 | 1 Phpgurukul | 1 Client Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page. | |||||
CVE-2024-48807 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. | |||||
CVE-2024-46241 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. | |||||
CVE-2024-46470 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. | |||||
CVE-2024-45528 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. | |||||
CVE-2024-7054 | 1 Code-atlantic | 1 Popup Maker | 2025-03-31 | N/A | 6.4 MEDIUM |
The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in all versions up to, and including, 1.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-39659 | 1 Lesterchan | 1 Wp-postratings | 2025-03-31 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS. This issue affects WP-PostRatings: from n/a through 1.91.1. | |||||
CVE-2024-48709 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php. | |||||
CVE-2024-46239 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. | |||||
CVE-2024-46238 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php. | |||||
CVE-2024-46236 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. | |||||
CVE-2024-43292 | 1 Envothemes | 1 Envo's Elementor Templates & Widgets For Woocommerce | 2025-03-31 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.16. |