Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32570 | | | 2025-04-09 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce allows Stored XSS. This issue affects ChillPay WooCommerce: from n/a through 2.5.3.
|
|||||
| CVE-2025-32683 | | | 2025-04-09 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG Lite allows DOM-Based XSS. This issue affects MapSVG Lite: from n/a through 8.5.32.
|
|||||
| CVE-2025-32503 | | | 2025-04-09 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4.
|
|||||
| CVE-2024-56998 | 1 Phpgurukul | 1 Hospital Management System | 2025-04-09 | N/A | 4.2 MEDIUM |
|
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.
|
|||||
| CVE-2024-56997 | 1 Phpgurukul | 1 Hospital Management System | 2025-04-09 | N/A | 4.2 MEDIUM |
|
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.
|
|||||
| CVE-2024-56990 | 1 Phpgurukul | 1 Hospital Management System | 2025-04-09 | N/A | 4.5 MEDIUM |
|
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.
|
|||||
| CVE-2024-57033 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.1 MEDIUM |
|
WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php.
|
|||||
| CVE-2024-53470 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.1 MEDIUM |
|
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter.
|
|||||
| CVE-2024-53471 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.1 MEDIUM |
|
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter.
|
|||||
| CVE-2025-22139 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.1 MEDIUM |
|
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8.
|
|||||
| CVE-2025-22596 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.5 MEDIUM |
|
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8.
|
|||||
| CVE-2025-22599 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.5 MEDIUM |
|
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8.
|
|||||
| CVE-2025-22600 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.5 MEDIUM |
|
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the avulso parameter. This vulnerability is fixed in 3.2.8.
|
|||||
| CVE-2025-22613 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 5.4 MEDIUM |
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao_adicional.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The app ...
|
|||||
| CVE-2025-23036 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 5.4 MEDIUM |
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `pre_cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are ...
|
|||||
| CVE-2025-23037 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 5.4 MEDIUM |
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to ...
|
|||||
| CVE-2024-57030 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 8.1 HIGH |
|
WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter.
|
|||||
| CVE-2021-46871 | 1 Phoenixframework | 1 Phoenix Html | 2025-04-09 | N/A | 6.1 MEDIUM |
|
tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.
|
|||||
| CVE-2022-38489 | 1 Easyvista | 1 Service Manager | 2025-04-09 | N/A | 4.8 MEDIUM |
|
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. It is prone to stored Cross-site Scripting (XSS). Version 2022.1.110.1.02 fixes the vulnerability.
|
|||||
| CVE-2024-29833 | 1 10web | 1 Photo Gallery | 2025-04-09 | N/A | 5.4 MEDIUM |
|
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.
|
|||||
| CVE-2024-29832 | 1 10web | 1 Photo Gallery | 2025-04-09 | N/A | 6.1 MEDIUM |
|
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue.
Note that other parameters within an AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited.
|
|||||
| CVE-2024-29810 | 1 10web | 1 Photo Gallery | 2025-04-09 | N/A | 5.4 MEDIUM |
|
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue.
|
|||||
| CVE-2024-2578 | 1 Wow-company | 1 Wp Coder | 2025-04-09 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS. This issue affects WP Coder: from n/a through 3.5.
|
|||||
| CVE-2022-46603 | 1 Inkdrop | 1 Inkdrop | 2025-04-09 | N/A | 6.1 MEDIUM |
|
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file.
|
|||||
| CVE-2021-36603 | 1 Tasmota Project | 1 Tasmota | 2025-04-09 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1".
|
|||||
| CVE-2025-3397 | 1 Yzmcms | 1 Yzmcms | 2025-04-09 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in YzmCMS 7.1. Affected is an unknown function of the file message.tpl. The manipulation of the argument gourl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2022-42704 | 1 Servicenow | 1 Servicenow | 2025-04-09 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
|
|||||
| CVE-2024-13877 | 1 Sjehutch | 1 Passbeemedia Web Push Notification | 2025-04-09 | N/A | 7.1 HIGH |
|
The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
|
|||||
| CVE-2024-13876 | 1 Tiefpunkt | 1 Meintopf | 2025-04-09 | N/A | 7.1 HIGH |
|
The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
|
|||||
| CVE-2025-1337 | | | 2025-04-09 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Eastnets PaymentSafe 2.5.26.0. It has been classified as problematic. This affects an unknown part of the component BIC Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.5.27.0 is able to address this issue.
|
|||||
| CVE-2025-28875 | 1 Shanebp | 1 Bp Email Assign Templates | 2025-04-09 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates allows Stored XSS. This issue affects BP Email Assign Templates: from n/a through 1.6.
|
|||||
| CVE-2025-28878 | 1 Willbrubaker | 1 Awesome Surveys | 2025-04-09 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys allows Stored XSS. This issue affects Awesome Surveys: from n/a through 2.0.10.
|
|||||
| CVE-2025-1486 | 1 Andreafarracani | 1 Wowpth | 2025-04-09 | N/A | 7.1 HIGH |
|
The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
|
|||||
| CVE-2025-1487 | 1 Andreafarracani | 1 Wowpth | 2025-04-09 | N/A | 7.1 HIGH |
|
The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
|
|||||
| CVE-2024-13602 | 1 Ays-pro | 1 Poll Maker | 2025-04-09 | N/A | 4.8 MEDIUM |
|
The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2008-4184 | 1 Webcms | 1 Webcms Portal Edition | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attackers to inject arbitrary web script or HTML via the patron parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5136 | 1 Dragonfrugal | 1 Dfd Cart | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-1240 | 1 Docebo | 1 Docebo | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1796 | 1 Sun | 1 Java System Portal Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.
|
|||||
| CVE-2009-3444 | 1 E107 | 1 E107 | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
|
|||||