Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51938 | 1 Nicheaddons | 1 Charity Addon For Elementor | 2025-03-31 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows DOM-Based XSS. This issue affects Charity Addon for Elementor: from n/a through 1.3.2.
|
|||||
| CVE-2024-10515 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2025-03-31 | N/A | 3.5 LOW |
|
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding a malicious script, which entails an account takeover backdoor.
|
|||||
| CVE-2024-51209 | 1 Phpgurukul | 1 Client Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page.
|
|||||
| CVE-2024-48807 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter.
|
|||||
| CVE-2024-46241 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
|
PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php.
|
|||||
| CVE-2024-46470 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component.
|
|||||
| CVE-2024-45528 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
|
CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS.
|
|||||
| CVE-2024-7054 | 1 Code-atlantic | 1 Popup Maker | 2025-03-31 | N/A | 6.4 MEDIUM |
|
The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘close_text’ parameter in all versions up to, and including, 1.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-39659 | 1 Lesterchan | 1 Wp-postratings | 2025-03-31 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS. This issue affects WP-PostRatings: from n/a through 1.91.1.
|
|||||
| CVE-2024-48709 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
|
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php.
|
|||||
| CVE-2024-46239 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
|
Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php.
|
|||||
| CVE-2024-46238 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php.
|
|||||
| CVE-2024-46236 | 1 Codeastro | 1 Membership Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
|
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php.
|
|||||
| CVE-2024-43292 | 1 Envothemes | 1 Envo's Elementor Templates & Widgets For Woocommerce | 2025-03-31 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.16.
|
|||||
| CVE-2024-11974 | 1 Davidlingren | 1 Media Library Assistant | 2025-03-31 | N/A | 6.1 MEDIUM |
|
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'smc_settings_tab', 'unattachfixit-action', and 'woofixit-action' parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2013-0202 | 1 Owncloud | 1 Owncloud Server | 2025-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
|
|||||
| CVE-2013-0203 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php.
|
|||||
| CVE-2024-25865 | 1 Anzhiyu-c | 1 Hexo-theme-anzhiyu | 2025-03-29 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function.
|
|||||
| CVE-2024-25435 | 1 Md1health | 1 Md1patient | 2025-03-29 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter.
|
|||||
| CVE-2024-35621 | | | 2025-03-28 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field.
|
|||||
| CVE-2024-23349 | 1 Apache | 1 Answer | 2025-03-28 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1.
XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.
Users are recommended to upgrade to version [1.2.5], which fixes the issue.
|
|||||
| CVE-2024-22344 | 1 Ibm | 1 Txseries For Multiplatform | 2025-03-28 | N/A | 6.1 MEDIUM |
|
IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191.
|
|||||
| CVE-2024-11993 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-03-28 | N/A | 6.1 MEDIUM |
|
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via the Dispatch name field.
|
|||||
| CVE-2024-0820 | 1 Blueglass | 1 Jobs For Wordpress | 2025-03-28 | N/A | 5.4 MEDIUM |
|
The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
|
|||||
| CVE-2022-44024 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
|
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6.
|
|||||
| CVE-2022-39813 | 1 Italtel | 1 Netmatch-s Ci | 2025-03-28 | N/A | 6.1 MEDIUM |
|
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it.
|
|||||
| CVE-2025-2163 | 1 Zoorum | 1 Zoorum Comments | 2025-03-28 | N/A | 6.1 MEDIUM |
|
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2024-57686 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
|
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter.
|
|||||
| CVE-2024-34089 | 1 Archerirm | 1 Archer | 2025-03-28 | N/A | 7.3 HIGH |
|
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release.
|
|||||
| CVE-2024-28401 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-03-28 | N/A | 5.4 MEDIUM |
|
TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.
|
|||||
| CVE-2024-27668 | 1 Flusity | 1 Flusity | 2025-03-28 | N/A | 6.1 MEDIUM |
|
Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'
|
|||||
| CVE-2024-26284 | 1 Mozilla | 1 Firefox Focus | 2025-03-28 | N/A | 6.1 MEDIUM |
|
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.
|
|||||
| CVE-2024-25436 | 1 Sfu | 1 Open Journal Systems | 2025-03-28 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.
|
|||||
| CVE-2023-33528 | 1 Halo | 1 Halo | 2025-03-28 | N/A | 6.1 MEDIUM |
|
halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2022-44029 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
|
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6.
|
|||||
| CVE-2022-44025 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
|
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6.
|
|||||
| CVE-2025-24746 | 1 Code-atlantic | 1 Popup Maker | 2025-03-28 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2.
|
|||||
| CVE-2025-23057 | 1 Arubanetworks | 1 Fabric Composer | 2025-03-28 | N/A | 5.5 MEDIUM |
|
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
|
|||||
| CVE-2025-23056 | 1 Arubanetworks | 1 Fabric Composer | 2025-03-28 | N/A | 5.5 MEDIUM |
|
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
|
|||||
| CVE-2025-23055 | 1 Arubanetworks | 1 Fabric Composer | 2025-03-28 | N/A | 5.5 MEDIUM |
|
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
|
|||||