Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54315 | 1 Nicheaddons | 1 Events Addon For Elementor | 2025-04-11 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows DOM-Based XSS. This issue affects Events Addon for Elementor: from n/a through 2.2.2.
|
|||||
| CVE-2024-54316 | 1 Nicheaddons | 1 Restaurant & Cafe Addon For Elementor | 2025-04-11 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows DOM-Based XSS. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.8.
|
|||||
| CVE-2024-31544 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-11 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record.
|
|||||
| CVE-2024-11203 | 1 Wpdeveloper | 1 Embedpress | 2025-04-11 | N/A | 6.4 MEDIUM |
|
The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘provider_name’ parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will exe ...
|
|||||
| CVE-2024-32337 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.
|
|||||
| CVE-2024-32338 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.
|
|||||
| CVE-2023-29508 | 1 Xwiki | 1 Xwiki | 2025-04-11 | N/A | 8.9 HIGH |
|
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.
|
|||||
| CVE-2024-32339 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
|
|||||
| CVE-2024-32340 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 9.6 CRITICAL |
|
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.
|
|||||
| CVE-2024-32341 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
|
|||||
| CVE-2024-32344 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | N/A | 6.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.
|
|||||
| CVE-2024-32345 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | N/A | 7.2 HIGH |
|
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section.
|
|||||
| CVE-2024-32743 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.5 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module.
|
|||||
| CVE-2024-32744 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 4.6 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module.
|
|||||
| CVE-2024-30879 | 1 Rageframe | 1 Rageframe | 2025-04-11 | N/A | 6.1 MEDIUM |
|
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function.
|
|||||
| CVE-2024-32745 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.9 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module.
|
|||||
| CVE-2024-30880 | 1 Rageframe | 1 Rageframe | 2025-04-11 | N/A | 5.4 MEDIUM |
|
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function.
|
|||||
| CVE-2024-31120 | 1 Wpdevart | 1 Gallery | 2025-04-11 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
|
|||||
| CVE-2024-30524 | 1 Redlettuce | 1 Pdf Viewer For Elementor | 2025-04-11 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedLettuce Plugins PDF Viewer for Elementor allows Stored XSS. This issue affects PDF Viewer for Elementor: from n/a through 2.9.3.
|
|||||
| CVE-2024-30883 | 1 Rageframe | 1 Rageframe | 2025-04-11 | N/A | 4.7 MEDIUM |
|
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function.
|
|||||
| CVE-2022-40711 | 1 Primekey | 1 Ejbca | 2025-04-11 | N/A | 4.8 MEDIUM |
|
PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users.
|
|||||
| CVE-2022-37787 | 1 Wecube-platform Project | 1 Wecube-platform | 2025-04-11 | N/A | 6.1 MEDIUM |
|
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page.
|
|||||
| CVE-2022-34323 | 1 Sage | 1 Sage Xrt Business Exchange | 2025-04-11 | N/A | 5.4 MEDIUM |
|
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model features (OnlineBanking > Web Monitoring > Settings > Filters / Display models). The name of a filter or a display model is interpreted as HTML and can thus embed JavaScript code, which is executed when displ ...
|
|||||
| CVE-2024-28775 | 2 Ibm, Linux | 2 Websphere Automation, Linux Kernel | 2025-04-11 | N/A | 4.4 MEDIUM |
|
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648.
|
|||||
| CVE-2024-33639 | 1 Accessally | 1 Popupally | 2025-04-11 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS. This issue affects PopupAlly: from n/a through 2.1.1.
|
|||||
| CVE-2024-3194 | 1 Mailcleaner | 1 Mailcleaner | 2025-04-11 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-262310 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2024-2336 | 1 Code-atlantic | 1 Popup Maker | 2025-04-11 | N/A | 6.4 MEDIUM |
|
The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2011-10006 | 1 Lesterchan | 1 Wp-postratings | 2025-04-11 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerabili ...
|
|||||
| CVE-2011-2342 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
|||||
| CVE-2012-6628 | 1 Xyzscripts | 1 Newsletter Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options.
|
|||||
| CVE-2013-3999 | 1 Ibm | 1 Social Media Analytics | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-2464 | 2 Joomla, Rsjoomla | 2 Joomla!, Com Rscomments | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
|
|||||
| CVE-2010-2700 | 1 Edgephp | 1 Clickbank Affiliate Marketplace Script | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
|||||
| CVE-2010-1420 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.
|
|||||
| CVE-2011-4910 | 1 Joomla | 1 Joomla! | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
|||||
| CVE-2010-1594 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-3890 | 1 Ibm | 1 Omnifind | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do.
|
|||||
| CVE-2011-5258 | 1 Orangehrm | 1 Orangehrm | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
|
|||||
| CVE-2011-3294 | 1 Cisco | 2 Telepresence Video Communication Servers, Telepresence Video Communication Servers Software | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342.
|
|||||
| CVE-2012-6574 | 2 Drupal, Soprano | 2 Drupal, Fonecta Verify | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
|
|||||