ReportizFlow
Filtered by vendor
Subscriptions
Total
44930 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41311 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2025-11-04 | 5.4 Medium |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text" | ||||
| CVE-2025-1105 | 1 Siberiancms | 1 Siberiancms | 2025-11-04 | 4.3 Medium |
| A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2491 | 1 Ujcms | 1 Ujcms | 2025-11-04 | 2.4 Low |
| A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2975 | 1 Gfi | 1 Kerio Connect | 2025-11-04 | 3.5 Low |
| A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. This issue affects some unknown processing of the file Settings/Email/Signature/EditHtmlSource of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2976 | 1 Gfi | 1 Kerio Connect | 2025-11-04 | 3.5 Low |
| A vulnerability was found in GFI KerioConnect 10.0.6. It has been classified as problematic. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-30929 | 1 Derbynet | 1 Derbynet | 2025-11-04 | 8.0 High |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php | ||||
| CVE-2024-30927 | 1 Derbynet | 1 Derbynet | 2025-11-04 | 6.3 Medium |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. | ||||
| CVE-2024-30926 | 1 Derbynet | 1 Derbynet | 2025-11-04 | 4.6 Medium |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. | ||||
| CVE-2024-30925 | 1 Derbynet | 1 Derbynet | 2025-11-04 | 6.5 Medium |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. | ||||
| CVE-2024-30921 | 1 Derbynet | 1 Derbynet | 2025-11-04 | 5.4 Medium |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. | ||||
| CVE-2024-30920 | 1 Derbynet | 1 Derbynet | 2025-11-04 | 7.4 High |
| Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. | ||||
| CVE-2023-51338 | 1 Phpjabbers | 1 Meeting Room Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page. | ||||
| CVE-2023-51337 | 1 Phpjabbers | 1 Event Ticketing System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index. | ||||
| CVE-2023-51335 | 1 Phpjabbers | 1 Cinema Booking System | 2025-11-04 | 6.5 Medium |
| PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | ||||
| CVE-2023-51330 | 1 Phpjabbers | 1 Cinema Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. | ||||
| CVE-2023-51328 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-11-04 | 5.4 Medium |
| PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. | ||||
| CVE-2023-51325 | 1 Phpjabbers | 1 Shared Asset Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | ||||
| CVE-2023-51318 | 1 Phpjabbers | 1 Bus Reservation System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Bus Reservation System v1.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | ||||
| CVE-2023-51315 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters. | ||||
| CVE-2023-51312 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-11-04 | 5.4 Medium |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter. | ||||