Weaknesses of type CWE-94

3,793 results
CVE-2026-14752MEDIUMmjperpinosa stumasy add_into_dictionary.php add_definition cross site scriptingEPSS 0.2%CVE-2026-12130MEDIUMCodeAstro Human Resource Management System Projects Management Add_Projects cross site scriptingEPSS 0.2%CVE-2026-13504MEDIUMcode-projects Project Management System Mail Compose mail.php cross site scriptingEPSS 0.2%CVE-2026-5370MEDIUMkrayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scriptingEPSS 0.2%CVE-2026-14791MEDIUMcrater-invoice-inc crater Invoice Note InvoicesRequest.php getFormattedString cross site scriptingEPSS 0.2%CVE-2025-33233HIGHNVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploitEPSS 0.2%CVE-2026-7296MEDIUMSourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scriptingEPSS 0.2%CVE-2026-8262MEDIUMDevs Palace ERP Online chart-save cross site scriptingEPSS 0.2%CVE-2026-4169MEDIUMTecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scriptingEPSS 0.2%CVE-2024-36078MEDIUMIn Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on theEPSS 0.2%CVE-2026-8221MEDIUMDevs Palace ERP Online item-save cross site scriptingEPSS 0.2%CVE-2025-14663MEDIUMcode-projects Student File Management System update_student.php cross site scriptingEPSS 0.2%CVE-2026-4356MEDIUMitsourcecode University Management System add_result.php cross site scriptingEPSS 0.2%CVE-2026-6003MEDIUMcode-projects Simple IT Discussion Forum user.php cross site scriptingEPSS 0.2%CVE-2026-8136MEDIUMSourceCodester Pharmacy Sales and Inventory System index.php users cross site scriptingEPSS 0.2%CVE-2026-8253MEDIUMDevs Palace ERP Online purchase_save cross site scriptingEPSS 0.2%CVE-2026-9564MEDIUMSourceCodester/oretnom23 Hospitals Patient Records Management System view_patient cross site scriptingEPSS 0.2%CVE-2022-22270MEDIUMAn implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact infoEPSS 0.2%CVE-2025-14722MEDIUMvion707 DMadmin Backend AddonsController.class.php add cross site scriptingEPSS 0.2%CVE-2026-3403MEDIUMPHPGurukul Student Record Management System edit-subject.php cross site scriptingEPSS 0.2%