Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25431 | 1 Online Reviewer Management System Project | 1 Online Reviewer Management System | 2025-03-18 | N/A | 4.8 MEDIUM |
|
An issue was discovered in Online Reviewer Management System v1.0. There is an XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.
|
|||||
| CVE-2023-24369 | 1 Ujcms | 1 Ujcms | 2025-03-18 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function.
|
|||||
| CVE-2022-48115 | 1 Jspreadsheet | 1 Jspreadsheet | 2025-03-18 | N/A | 6.1 MEDIUM |
|
The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS).
|
|||||
| CVE-2022-25978 | 1 Usememos | 1 Memos | 2025-03-18 | N/A | 5.4 MEDIUM |
|
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
|
|||||
| CVE-2024-43304 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0.
|
|||||
| CVE-2024-4970 | 1 Devnath Verma | 1 Widget Bundle | 2025-03-18 | N/A | 4.8 MEDIUM |
|
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2024-40347 | 1 Hyland | 1 Alfresco Content Services | 2025-03-18 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.
|
|||||
| CVE-2024-39248 | 1 Fikeulous | 1 Simpcms | 2025-03-18 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php.
|
|||||
| CVE-2024-37675 | 1 Tessi | 1 Docubase | 2025-03-18 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file.
|
|||||
| CVE-2023-6123 | 1 Opentext | 1 Alm Octane | 2025-03-18 | N/A | 7.5 HIGH |
|
Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.
|
|||||
| CVE-2022-38220 | 1 Quest | 1 Kace Systems Management Appliance | 2025-03-18 | N/A | 6.1 MEDIUM |
|
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
|
|||||
| CVE-2024-34091 | 1 Archerirm | 1 Archer | 2025-03-18 | N/A | 7.3 HIGH |
|
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed releas ...
|
|||||
| CVE-2024-5529 | 1 Holoborodko | 1 Wp Quicklatex | 2025-03-18 | N/A | 4.8 MEDIUM |
|
The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
|||||
| CVE-2024-45180 | 1 Squaredup | 1 Squaredup Ds For Scom | 2025-03-18 | N/A | 5.4 MEDIUM |
|
SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
|
|||||
| CVE-2024-23786 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2025-03-18 | N/A | 9.3 CRITICAL |
|
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
|
|||||
| CVE-2024-13564 | 1 Apollo13 | 1 Rife Elementor Extensions & Templates | 2025-03-18 | N/A | 6.4 MEDIUM |
|
The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-29117 | 1 Cimatti | 1 Wordpress Contact Forms | 2025-03-18 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS. This issue affects Contact Forms by Cimatti: from n/a through 1.7.0.
|
|||||
| CVE-2024-29928 | 1 Wpcodeus | 1 Advanced Sermons | 2025-03-18 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS. This issue affects Advanced Sermons: from n/a through 3.1.
|
|||||
| CVE-2024-30549 | 1 Cimatti | 1 Wordpress Contact Forms | 2025-03-18 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS. This issue affects Contact Forms by Cimatti: from n/a through 1.8.0.
|
|||||
| CVE-2024-27952 | 1 Wpcodeus | 1 Advanced Sermons | 2025-03-18 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS. This issue affects Advanced Sermons: from n/a through 3.2.
|
|||||
| CVE-2024-37624 | 1 Rockoa | 1 Xinhu | 2025-03-17 | N/A | 6.1 MEDIUM |
|
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php component.
|
|||||
| CVE-2024-25976 | | | 2025-03-17 | N/A | 6.1 MEDIUM |
|
When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the content of "$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.
|
|||||
| CVE-2024-43112 | 1 Mozilla | 1 Firefox | 2025-03-17 | N/A | 6.1 MEDIUM |
|
Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for iOS < 129.
|
|||||
| CVE-2024-25895 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | N/A | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php.
|
|||||
| CVE-2024-27183 | 1 Dj-extensions | 1 Dj-helpfularticles | 2025-03-17 | N/A | 6.1 MEDIUM |
|
XSS vulnerability in DJ-HelpfulArticles component for Joomla.
|
|||||
| CVE-2023-35859 | 1 Moderncampus | 1 Omni Cms | 2025-03-17 | N/A | 6.1 MEDIUM |
|
A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters.
|
|||||
| CVE-2023-26235 | 1 Jd-gui Project | 1 Jd-gui | 2025-03-17 | N/A | 6.1 MEDIUM |
|
JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java.
|
|||||
| CVE-2022-40348 | 1 Intern Record System Project | 1 Intern Record System | 2025-03-17 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.
|
|||||
| CVE-2025-28871 | 1 Jwpegram | 1 Block Spam By Math Reloaded | 2025-03-17 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jwpegram Block Spam By Math Reloaded allows Stored XSS. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4.
|
|||||
| CVE-2025-26127 | | | 2025-03-17 | N/A | 5.0 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2025-25612 | | | 2025-03-17 | N/A | 7.1 HIGH |
|
FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this input is saved, it is later executed in the browser of any user accessing the affected page, including administrators, resulting in arbitrary script execution in the user's browser.
|
|||||
| CVE-2025-26918 | 1 Eniture | 1 Small Package Quotes | 2025-03-17 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Reflected XSS. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9.
|
|||||
| CVE-2025-23526 | 1 Swiftcloud | 1 Swift Calendar Online Appointment Scheduling | 2025-03-17 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Swift Calendar Online Appointment Scheduling allows Reflected XSS. This issue affects Swift Calendar Online Appointment Scheduling: from n/a through 1.3.3.
|
|||||
| CVE-2025-28879 | 1 Aumsrini | 1 Bee Layer Slider | 2025-03-17 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aumsrini Bee Layer Slider allows Stored XSS. This issue affects Bee Layer Slider: from n/a through 1.1.
|
|||||
| CVE-2024-2630 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-17 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-1153 | 1 Kreaturamedia | 1 Layerslider | 2025-03-17 | 3.5 LOW | 4.8 MEDIUM |
|
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various places, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
|
|||||
| CVE-2025-30143 | | | 2025-03-17 | N/A | 5.4 MEDIUM |
|
Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties.
|
|||||
| CVE-2025-27102 | | | 2025-03-17 | N/A | N/A |
|
Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the email sent to administrative users. The Agate service account sends this email and appears trustworthy, making this a significant risk for phishing attacks. Administrative users are impacted, as they can be targeted by unauthenticated users. Versi ...
|
|||||
| CVE-2025-0827 | | | 2025-03-17 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||
| CVE-2025-0595 | | | 2025-03-17 | N/A | 8.7 HIGH |
|
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
|
|||||