Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3387 | 1 Renrenio | 1 Renren-security | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3386 | 1 Pb-cms Project | 1 Pb-cms | 2025-04-29 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin#links of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3385 | 1 Pb-cms Project | 1 Pb-cms | 2025-04-29 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3692 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-29 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-43143 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2025-04-29 | N/A | 9.6 CRITICAL |
|
A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.
|
|||||
| CVE-2022-43117 | 1 Password Storage Application Project | 1 Password Storage Application | 2025-04-29 | N/A | 5.4 MEDIUM |
|
Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.
|
|||||
| CVE-2022-42096 | 1 Backdropcms | 1 Backdrop Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
|
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
|
|||||
| CVE-2022-40470 | 1 Phpgurukul | 1 Blood Donor Management System | 2025-04-29 | N/A | 4.8 MEDIUM |
|
Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature.
|
|||||
| CVE-2022-3561 | 1 Librenms | 1 Librenms | 2025-04-29 | N/A | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
|
|||||
| CVE-2021-31739 | 1 Seppmail | 1 Seppmail | 2025-04-29 | N/A | 6.1 MEDIUM |
|
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address.
|
|||||
| CVE-2024-13207 | 1 Patelmilap | 1 Widget For Social Page Feeds | 2025-04-29 | N/A | 4.8 MEDIUM |
|
The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2024-13610 | 1 Wpbrigade | 1 Simple Social Buttons | 2025-04-29 | N/A | 4.8 MEDIUM |
|
The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2024-3081 | 1 Easycorp | 1 Easyadmin | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. The attack can be launched remotely. Upgrading to version 4.8.10 is able to address this issue. The identifier of the patch is 127436e4c3f56276d548070f99e61b7234200a11. It is recommended to upgrade the af ...
|
|||||
| CVE-2025-2279 | 1 Robosoft | 1 Maps | 2025-04-29 | N/A | 5.9 MEDIUM |
|
The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
|
|||||
| CVE-2024-11924 | 1 Icegram | 1 Icegram Express | 2025-04-29 | N/A | 3.5 LOW |
|
The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2025-1523 | 1 Davidvongries | 1 Ultimate Dashboard | 2025-04-29 | N/A | 3.5 LOW |
|
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2025-46239 | 1 Plugin-planet | 1 Theme Switcha | 2025-04-29 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4.
|
|||||
| CVE-2025-46240 | 1 Plugin-planet | 1 Simple Download Counter | 2025-04-29 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2.
|
|||||
| CVE-2024-55279 | 1 Uguu | 1 Uguu | 2025-04-29 | N/A | 6.0 MEDIUM |
|
Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files.
|
|||||
| CVE-2024-11503 | 1 Shapedplugin | 1 Wp Tabs | 2025-04-29 | N/A | 6.1 MEDIUM |
|
The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2024-12769 | 1 Simple Banner Project | 1 Simple Banner | 2025-04-29 | N/A | 3.5 LOW |
|
The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2024-13863 | 1 Wppluginbox | 1 Stylish Google Sheet Reader | 2025-04-29 | N/A | 7.1 HIGH |
|
The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
|
|||||
| CVE-2025-25916 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | N/A | 5.4 MEDIUM |
|
wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.
|
|||||
| CVE-2022-45015 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.
|
|||||
| CVE-2022-45014 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.
|
|||||
| CVE-2022-45013 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.
|
|||||
| CVE-2022-45012 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.
|
|||||
| CVE-2022-44787 | 1 Maggioli | 1 Appalti & Contratti | 2025-04-29 | N/A | 6.1 MEDIUM |
|
An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized.
|
|||||
| CVE-2022-43142 | 1 Password Storage Application Project | 1 Password Storage Application | 2025-04-29 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.
|
|||||
| CVE-2022-36180 | 1 Fusiondirectory | 1 Fusiondirectory | 2025-04-29 | N/A | 9.6 CRITICAL |
|
Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.
|
|||||
| CVE-2022-43984 | 1 Spatie | 1 Browsershot | 2025-04-29 | N/A | 8.2 HIGH |
|
Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.
|
|||||
| CVE-2022-43983 | 1 Spatie | 1 Browsershot | 2025-04-29 | N/A | 8.2 HIGH |
|
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the file:// protocol.
|
|||||
| CVE-2022-43708 | 1 Mybb | 1 Mybb | 2025-04-29 | N/A | 6.1 MEDIUM |
|
MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability (issue 2 of 2) in the post Attachments interface that allows attackers to inject HTML by persuading the user to upload a file with a specially crafted name.
|
|||||
| CVE-2022-43707 | 1 Mybb | 1 Mybb | 2025-04-29 | N/A | 6.1 MEDIUM |
|
MyBB 1.8.31 has a cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) that allows remote attackers to inject HTML via user input or stored data.
|
|||||
| CVE-2022-43332 | 1 Wondercms | 1 Wondercms | 2025-04-29 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel.
|
|||||
| CVE-2022-42097 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | N/A | 4.8 MEDIUM |
|
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment'.
|
|||||
| CVE-2022-42094 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | N/A | 4.8 MEDIUM |
|
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
|
|||||
| CVE-2022-41706 | 1 Spatie | 1 Browsershot | 2025-04-29 | N/A | 8.2 HIGH |
|
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
|
|||||
| CVE-2022-41445 | 1 Teacher Record Management System Project | 1 Teacher Record Management System | 2025-04-29 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page.
|
|||||
| CVE-2021-37936 | 1 Elastic | 1 Kibana | 2025-04-29 | N/A | 5.4 MEDIUM |
|
It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user.
|
|||||