Total
36793 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28276 | 1 Rems | 1 School Task Manager | 2025-04-22 | N/A | 6.1 MEDIUM |
| Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=. | |||||
| CVE-2024-34230 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. | |||||
| CVE-2024-34231 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 7.1 HIGH |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. | |||||
| CVE-2024-33304 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 6.1 MEDIUM |
| SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. | |||||
| CVE-2024-33306 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 7.4 HIGH |
| SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. | |||||
| CVE-2024-33307 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 5.4 MEDIUM |
| SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User. | |||||
| CVE-2024-33302 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 5.3 MEDIUM |
| SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users. | |||||
| CVE-2024-33303 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 8.2 HIGH |
| SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users. | |||||
| CVE-2022-42141 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2025-04-22 | N/A | 5.4 MEDIUM |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. | |||||
| CVE-2022-31358 | 1 Proxmox | 1 Virtual Environment | 2025-04-22 | N/A | 9.0 CRITICAL |
| A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/. | |||||
| CVE-2024-33305 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
| SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User. | |||||
| CVE-2022-34560 | 1 Phpfox | 1 Phpfox | 2025-04-22 | N/A | 7.1 HIGH |
| A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter. | |||||
| CVE-2022-34561 | 1 Phpfox | 1 Phpfox | 2025-04-22 | N/A | 4.3 MEDIUM |
| A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter. | |||||
| CVE-2022-34562 | 1 Phpfox | 1 Phpfox | 2025-04-22 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box. | |||||
| CVE-2024-7068 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272349 was assigned to this vulnerability. | |||||
| CVE-2024-7916 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the argument Nominee-Client ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8209 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8208 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-54775 | 1 Dcatadmin | 1 Dcat Admin | 2025-04-22 | N/A | 4.8 MEDIUM |
| Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions. | |||||
| CVE-2024-56314 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |||||