Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42095 | 1 Backdropcms | 1 Backdrop Cms | 2025-04-28 | N/A | 4.8 MEDIUM |
|
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
|
|||||
| CVE-2024-46077 | 1 Mayurik | 1 Online Tours And Travels Management System | 2025-04-28 | N/A | 5.4 MEDIUM |
|
itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php.
|
|||||
| CVE-2024-46654 | 1 Maccms | 1 Maccms | 2025-04-28 | N/A | 4.8 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2024-33866 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 5.5 MEDIUM |
|
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID} XSS.
|
|||||
| CVE-2024-46082 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
|
Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.
|
|||||
| CVE-2024-46083 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
|
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger actions for administrator users.
|
|||||
| CVE-2024-46079 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 6.1 MEDIUM |
|
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter.
|
|||||
| CVE-2024-46081 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
|
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform.
|
|||||
| CVE-2024-35362 | 1 Shopex | 1 Ecshop | 2025-04-28 | N/A | 5.4 MEDIUM |
|
Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php.
|
|||||
| CVE-2024-20487 | 1 Cisco | 1 Identity Services Engine | 2025-04-28 | N/A | 4.3 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary scrip ...
|
|||||
| CVE-2024-56144 | 1 Librenms | 1 Librenms | 2025-04-28 | N/A | 4.6 MEDIUM |
|
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value): `/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.11.0 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue ...
|
|||||
| CVE-2025-23198 | 1 Librenms | 1 Librenms | 2025-04-28 | N/A | 4.6 MEDIUM |
|
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value): `/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue ...
|
|||||
| CVE-2024-44573 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | N/A | 4.7 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2024-40482 | 1 Lopalopa | 1 Live Membership System | 2025-04-28 | N/A | 9.8 CRITICAL |
|
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.
|
|||||
| CVE-2024-25837 | 1 Octobercms | 1 October | 2025-04-28 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section.
|
|||||
| CVE-2023-52048 | 1 Ruoyi | 1 Ruoyi | 2025-04-28 | N/A | 4.7 MEDIUM |
|
RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/.
|
|||||
| CVE-2022-42985 | 1 Scratch-wiki | 1 Scratch Login | 2025-04-25 | N/A | 4.8 MEDIUM |
|
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).
|
|||||
| CVE-2022-38147 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
|
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
|
|||||
| CVE-2022-38145 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
|
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
|
|||||
| CVE-2022-37430 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
|
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).
|
|||||
| CVE-2022-37429 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
|
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
|
|||||
| CVE-2022-37421 | 1 Silverstripe | 1 Silverstripe | 2025-04-25 | N/A | 5.4 MEDIUM |
|
Silverstripe silverstripe/cms through 4.11.0 allows XSS.
|
|||||
| CVE-2023-49034 | 1 Projeqtor | 1 Projeqtor | 2025-04-25 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files.
|
|||||
| CVE-2023-46967 | 1 Enhancesoft | 1 Osticket | 2025-04-25 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.
|
|||||
| CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2025-04-25 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2022-45221 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-04-25 | N/A | 4.8 MEDIUM |
|
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter.
|
|||||
| CVE-2022-45214 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.
|
|||||
| CVE-2022-45151 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | N/A | 5.4 MEDIUM |
|
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
|
|||||
| CVE-2022-45150 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in the policy tool. An attacker can trick the victim into opening a specially crafted link that executes arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access to potentially sensitive information and to modify web pages.
|
|||||
| CVE-2022-44284 | 1 Dinstar | 2 Dag2000-16o, Dag2000-16o Firmware | 2025-04-25 | N/A | 5.4 MEDIUM |
|
Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2022-3834 | 1 Google Forms Project | 1 Google Forms | 2025-04-25 | N/A | 4.8 MEDIUM |
|
The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2022-45472 | 1 Caehealthcare | 1 Learningspace Enterprise | 2025-04-25 | N/A | 5.4 MEDIUM |
|
CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.
|
|||||
| CVE-2022-45040 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
|
|||||
| CVE-2022-45038 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
|
|||||
| CVE-2022-45037 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
|
|||||
| CVE-2022-45036 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
|
|||||
| CVE-2021-39343 | 1 Mpl-publisher | 1 Mpl-publisher | 2025-04-25 | 3.5 LOW | 5.5 MEDIUM |
|
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2024-25344 | 1 Itflow | 1 Itflow | 2025-04-25 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remote attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php, settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components.
|
|||||
| CVE-2022-42099 | 1 Klik Project | 1 Klik | 2025-04-25 | N/A | 5.4 MEDIUM |
|
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.
|
|||||
| CVE-2022-37721 | 1 Pyrocms | 1 Pyrocms | 2025-04-25 | N/A | 9.0 CRITICAL |
|
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation.
|
|||||