Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2951 | 1 Npds | 1 Npds | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php. | | | | | |
| CVE-2002-2273 | 1 Webster | 1 Webster Http Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL. | | | | | |
| CVE-2024-37798 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-04-03 | N/A | 5.9 MEDIUM |
| Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field. | | | | | |
| CVE-2024-34796 | 1 Accessally | 1 Popupally | 2025-04-03 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS. This issue affects PopupAlly: from n/a through 2.1.1. | | | | | |
| CVE-2025-27914 | 1 Zimbra | 1 Collaboration | 2025-04-02 | N/A | 5.4 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token and involves a crafted URL with manipulated query parameters that triggers XSS when accessed by a victim. | | | | | |
| CVE-2024-22880 | 1 Zadarma | 1 Zadarma | 2025-04-02 | N/A | 4.7 MEDIUM |
| Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute arbitrary code via a crafted script to the webchat component. | | | | | |
| CVE-2024-57348 | 1 Pecanproject | 1 Pecan | 2025-04-02 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters. | | | | | |
| CVE-2024-25876 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | | | | | |
| CVE-2024-25875 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. | | | | | |
| CVE-2024-25874 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. | | | | | |
| CVE-2024-25974 | 1 Frentix | 1 Openolat | 2025-04-02 | N/A | 5.4 MEDIUM |
| The Frentix GmbH OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload. | | | | | |
| CVE-2024-32138 | 1 Kaizencoders | 1 Short Url | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Short URL allows Reflected XSS. This issue affects Short URL: from n/a through 1.6.8. | | | | | |
| CVE-2024-32133 | 1 Ezplugins | 1 Ez Form Calculator | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Schuppenies EZ Form Calculator allows Reflected XSS. This issue affects EZ Form Calculator: from n/a through 2.14.0.3. | | | | | |
| CVE-2024-10565 | 1 10web | 1 Slider | 2025-04-02 | N/A | 6.1 MEDIUM |
| The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | | | | | |
| CVE-2024-10105 | 1 Blueglass | 1 Jobs For Wordpress | 2025-04-02 | N/A | 5.9 MEDIUM |
| The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | | | | | |
| CVE-2023-24027 | 1 Misp | 1 Misp | 2025-04-02 | N/A | 6.1 MEDIUM |
| In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | | | | | |
| CVE-2023-24026 | 1 Misp-project | 1 Misp | 2025-04-02 | N/A | 6.1 MEDIUM |
| In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. | | | | | |
| CVE-2022-41441 | 1 Reqlogic | 1 Reqlogic | 2025-04-02 | N/A | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. | | | | | |
| CVE-2021-43446 | 1 Onlyoffice | 1 Server | 2025-04-02 | N/A | 6.1 MEDIUM |
| ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used. | | | | | |
| CVE-2025-26054 | | | 2025-04-02 | N/A | 5.4 MEDIUM |
| Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the "Description" field during LAN configuration. | | | | | |
| CVE-2023-23951 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2025-04-02 | N/A | 6.1 MEDIUM |
| Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | | | | | |
| CVE-2023-23950 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2025-04-02 | N/A | 6.1 MEDIUM |
| User-supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. | | | | | |
| CVE-2023-23949 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2025-04-02 | N/A | 5.4 MEDIUM |
| An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | | | | | |
| CVE-2022-4627 | 1 Sevenspark | 1 Shiftnav | 2025-04-02 | N/A | 5.4 MEDIUM |
| The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | | | | | |
| CVE-2022-3572 | 1 Gitlab | 1 Gitlab | 2025-04-02 | N/A | 9.3 CRITICAL |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims. | | | | | |
| CVE-2024-32140 | 1 Libsyn | 1 Libsyn Publisher Hub | 2025-04-02 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Libsyn Libsyn Publisher Hub allows Stored XSS. This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. | | | | | |
| CVE-2024-32145 | 1 Wpgoaltracker | 1 Wp Google Analytics Events | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PineWise WP Google Analytics Events allows Reflected XSS. This issue affects WP Google Analytics Events: from n/a through 2.8.0. | | | | | |
| CVE-2024-32147 | 1 Ghozylab | 1 Contact Form | 2025-04-02 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS. This issue affects Easy Contact Form Lite: from n/a through 1.1.23. | | | | | |
| CVE-2024-32428 | 1 Mosswebworks | 1 Mww Disclaimer Buttons | 2025-04-02 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moss Web Works MWW Disclaimer Buttons allows Stored XSS. This issue affects MWW Disclaimer Buttons: from n/a through 3.0.2. | | | | | |
| CVE-2024-32429 | 1 Wpchill | 1 Remove Footer Credit | 2025-04-02 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPChill Remove Footer Credit allows Stored XSS. This issue affects Remove Footer Credit: from n/a through 1.0.13. | | | | | |
| CVE-2024-32453 | 1 Poeditor | 1 Poeditor | 2025-04-02 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS. This issue affects POEditor: from n/a through 0.9.8. | | | | | |
| CVE-2025-31431 | | | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Bookmarks allows Reflected XSS. This issue affects WP Bookmarks: from n/a through 1.1. | | | | | |
| CVE-2025-31080 | | | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.1. | | | | | |
| CVE-2025-30554 | | | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Frizzly allows Reflected XSS. This issue affects Frizzly: from n/a through 1.1.0. | | | | | |
| CVE-2025-31571 | | | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider allows Reflected XSS. This issue affects The Logo Slider: from n/a through 1.0.0. | | | | | |
| CVE-2025-31446 | | | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jiangmiao WP Cleaner allows Reflected XSS. This issue affects WP Cleaner: from n/a through 1.1.5. | | | | | |
| CVE-2025-3097 | | | 2025-04-02 | N/A | 6.1 MEDIUM |
| The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | | | | | |
| CVE-2025-31889 | | | 2025-04-02 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a through 2.0.40. | | | | | |
| CVE-2025-31548 | | | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Tuhin Ultimate Push Notifications allows Reflected XSS. This issue affects Ultimate Push Notifications: from n/a through 1.1.8. | | | | | |
| CVE-2025-30906 | | | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coffee Code Tech Plugin Oficial – Getnet para WooCommerce allows Reflected XSS. This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through 1.7.3. | | | | | |