Total: 45094 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42763 | 2 Kashipara, Kjayvik | 2 Bus Ticket Reservation System, Bus Ticket Reservation System | 2025-05-06 | 5.4 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the "bookingdate" parameter. | ||||
| CVE-2024-42761 | 2 Kashipara, Kjayvik | 2 Bus Ticket Reservation System, Bus Ticket Reservation System | 2025-05-06 | 6.1 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter. | ||||
| CVE-2025-3488 | 1 Wpml | 1 Wpml | 2025-05-06 | 6.4 Medium |
| The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpml_language_switcher shortcode in versions 3.6.0 - 4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-50841 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters. | ||||
| CVE-2024-50842 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter. | ||||
| CVE-2024-50837 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters. | ||||
| CVE-2022-32923 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-05-06 | 6.5 Medium |
| A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app. | ||||
| CVE-2022-3869 | 1 Froxlor | 1 Froxlor | 2025-05-05 | 6.1 Medium |
| Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | ||||
| CVE-2024-31868 | 1 Apache | 1 Zeppelin | 2025-05-05 | 6.1 Medium |
| Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and expose normal users to XSS attacks. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | ||||
| CVE-2017-6511 | 1 Finecms Project | 1 Finecms | 2025-05-05 | 6.1 Medium |
| andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. | ||||
| CVE-2022-40183 | 1 Bosch | 2 Videojet Multi 4000, Videojet Multi 4000 Firmware | 2025-05-05 | 5.8 Medium |
| An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. | ||||
| CVE-2024-0973 | 1 Patelmilap | 1 Widget For Social Page Feeds | 2025-05-05 | 6.1 Medium |
| The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-1401 | 1 Awplife | 1 Profile Box Shortcode And Widget | 2025-05-05 | 4.8 Medium |
| The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2021-34643 | 1 Skaut-bazar Project | 1 Skaut-bazar | 2025-05-05 | 6.1 Medium |
| The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2. | ||||
| CVE-2023-7246 | 1 Bowo | 1 System Dashboard | 2025-05-05 | 5.4 Medium |
| The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks | ||||
| CVE-2021-34644 | 1 Multiplayer-plugin Project | 1 Multiplayer-plugin | 2025-05-05 | 6.1 Medium |
| The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7. | ||||
| CVE-2021-34642 | 1 Followistic | 1 Smart Email Alerts | 2025-05-05 | 6.1 Medium |
| The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the api_key in the ~/views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10. | ||||
| CVE-2021-34652 | 1 Meowapps | 1 Media Usage | 2025-05-05 | 6.1 Medium |
| The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | ||||
| CVE-2021-34649 | 1 Simple-behace-portfolio Project | 1 Simple-behace-portfolio | 2025-05-05 | 6.1 Medium |
| The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2. | ||||
| CVE-2021-34653 | 1 Wp Fountain Project | 1 Wp Fountain | 2025-05-05 | 6.1 Medium |
| The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9. | ||||