Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27524 | 1 Chamilo | 1 Chamilo Lms | 2025-04-17 | N/A | 7.1 HIGH |
| Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. | | | | | |
| CVE-2024-48239 | 1 Wtcms Project | 1 Wtcms | 2025-04-17 | N/A | 4.8 MEDIUM |
| An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS). | | | | | |
| CVE-2024-48195 | 1 Eyoucms | 1 Eyoucms | 2025-04-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. | | | | | |
| CVE-2023-42233 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | N/A | 6.1 MEDIUM |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function. | | | | | |
| CVE-2023-42230 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | N/A | 6.1 MEDIUM |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function. | | | | | |
| CVE-2023-42245 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
| Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php. | | | | | |
| CVE-2023-42246 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
| Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php. | | | | | |
| CVE-2023-42247 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
| Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php. | | | | | |
| CVE-2023-42249 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
| Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php. | | | | | |
| CVE-2023-42250 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
| Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php. | | | | | |
| CVE-2022-46870 | 1 Apache | 1 Zeppelin | 2025-04-17 | N/A | 5.4 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin. | | | | | |
| CVE-2022-40434 | 1 Softr | 1 Softr | 2025-04-17 | N/A | 9.8 CRITICAL |
| Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. | | | | | |
| CVE-2022-27494 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
| Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. | | | | | |
| CVE-2022-1059 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
| Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. | | | | | |
| CVE-2021-42535 | 1 Visam | 1 Vbase Web-remote | 2025-04-17 | N/A | 5.3 MEDIUM |
| VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. | | | | | |
| CVE-2022-46287 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | | | | | |
| CVE-2022-41993 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | | | | | |
| CVE-2022-40743 | 1 Apache | 1 Traffic Server | 2025-04-17 | N/A | 6.1 MEDIUM |
| Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions. | | | | | |
| CVE-2022-40435 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2025-04-17 | N/A | 4.8 MEDIUM |
| Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module. | | | | | |
| CVE-2022-3987 | 1 Noorsplugin | 1 Responsive Lightbox2 | 2025-04-17 | N/A | 5.4 MEDIUM |
| The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | | | | | |
| CVE-2024-12045 | 1 Wpdeveloper | 1 Essential Blocks | 2025-04-17 | N/A | 4.4 MEDIUM |
| The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affect ... | | | | | |
| CVE-2024-54687 | 1 Vtiger | 1 Vtiger Crm | 2025-04-17 | N/A | 6.1 MEDIUM |
| Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. | | | | | |
| CVE-2024-35498 | 1 Getgrav | 1 Grav | 2025-04-17 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | | | | | |
| CVE-2024-56410 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-17 | N/A | 5.4 MEDIUM |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | | | | | |
| CVE-2024-10706 | 1 W3eden | 1 Download Manager | 2025-04-17 | N/A | 4.8 MEDIUM |
| The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | | | | | |
| CVE-2024-52676 | 1 Emiloimagtolis | 1 Online Discussion Forum | 2025-04-17 | N/A | 5.4 MEDIUM |
| Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php. | | | | | |
| CVE-2022-25929 | 1 Smoothiecharts | 1 Smoothie Charts | 2025-04-16 | N/A | 5.4 MEDIUM |
| The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties. | | | | | |
| CVE-2023-45552 | 1 Veridiumid | 1 Veridiumad | 2025-04-16 | N/A | 6.5 MEDIUM |
| In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal. | | | | | |
| CVE-2024-34224 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters. | | | | | |
| CVE-2024-29865 | 1 Logpoint | 1 Siem | 2025-04-16 | N/A | 5.4 MEDIUM |
| Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. | | | | | |
| CVE-2023-49983 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | | | | | |
| CVE-2023-49986 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 4.7 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | | | | | |
| CVE-2024-25551 | 1 Oretnom23 | 1 Simple Student Attendance System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via crafted GET request to web application URL. | | | | | |
| CVE-2024-25434 | 1 Pkp.sfu | 1 Open Journal Systems | 2025-04-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter. | | | | | |
| CVE-2023-49985 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.5 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter. | | | | | |
| CVE-2023-49984 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | | | | | |
| CVE-2022-46096 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2025-04-16 | N/A | 6.1 MEDIUM |
| A Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 allows attackers to execute arbitrary code via the txtfullname parameter or txtphone parameter to register.php without logging in. | | | | | |
| CVE-2022-46095 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via verification.php because the program does not verify the txtvaccinationID parameter. | | | | | |
| CVE-2022-44449 | 1 Zenphoto | 1 Zenphoto | 2025-04-16 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | | | | | |
| CVE-2022-40841 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2025-04-16 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "htmlNodes" parameter. | | | | | |