Export limit exceeded: 46953 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46953 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28083 | 2 Uxthemes, Wordpress | 2 Flatsome, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through <= 3.20.5. | ||||
| CVE-2010-4514 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-1030 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup. | ||||
| CVE-2009-4110 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page. | ||||
| CVE-2013-4649 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI. | ||||
| CVE-2008-6644 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2012-1036 | 2 Dnnsoftware, Dotnetnuke | 2 Dotnetnuke, Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message. | ||||
| CVE-2013-3943 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile. | ||||
| CVE-2016-7119 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element. | ||||
| CVE-2015-1566 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-1366 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality." | ||||
| CVE-2008-6733 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter. | ||||
| CVE-2008-6732 | 1 Dnnsoftware | 1 Dotnetnuke | 2026-04-24 | N/A |
| Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths." | ||||
| CVE-2026-27348 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through < 7.7.6. | ||||
| CVE-2026-27358 | 2 Themegoods, Wordpress | 2 Architecturer, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Architecturer architecturer allows Reflected XSS.This issue affects Architecturer: from n/a through < 3.9.5. | ||||
| CVE-2026-41346 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 5.3 Medium |
| OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on unaffected accounts, causing denial of service. | ||||
| CVE-2026-4969 | 1 Code-projects | 1 Social Networking Site | 2026-04-24 | 3.5 Low |
| A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert Handler. The manipulation of the argument content leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-4995 | 1 Wandb | 1 Openui | 2026-04-24 | 3.5 Low |
| A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5015 | 1 Elecv2 | 1 Elecv2p | 2026-04-24 | 4.3 Medium |
| A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-4973 | 1 Sourcecodester | 1 Online Quiz System | 2026-04-24 | 3.5 Low |
| A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||