Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23327 | 1 Zblogcn | 1 Zblogphp | 2025-02-18 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model.
|
|||||
| CVE-2024-3321 | 1 Oretnom23 | 1 Elearning System | 2025-02-18 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. This affects an unknown part of the component Maintenance Module. The manipulation of the argument Subject Code/Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259389 was assigned to this vulnerability.
|
|||||
| CVE-2024-3320 | 1 Oretnom23 | 1 Elearning System | 2025-02-18 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester eLearning System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-259388.
|
|||||
| CVE-2024-2935 | 1 Remyandrade | 1 Todo List In Kanban Board | 2025-02-18 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-2553 | 1 Remyandrade | 1 Product Review/rating System | 2025-02-18 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257052.
|
|||||
| CVE-2023-24724 | 1 Sas | 1 Web Administration Interface | 2025-02-18 | N/A | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3.
|
|||||
| CVE-2023-50167 | 1 Pega | 1 Pega Platform | 2025-02-18 | N/A | 5.4 MEDIUM |
|
Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content.
|
|||||
| CVE-2025-26778 | | | 2025-02-17 | N/A | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gallery allows Stored XSS. This issue affects Gallery: from n/a through 2.2.1.
|
|||||
| CVE-2025-26770 | | | 2025-02-17 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue affects Waymark: from n/a through 1.5.0.
|
|||||
| CVE-2025-26769 | | | 2025-02-17 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilia Inc. Vertex Addons for Elementor allows Stored XSS. This issue affects Vertex Addons for Elementor: from n/a through 1.2.0.
|
|||||
| CVE-2025-26754 | | | 2025-02-17 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Timeline Block allows Stored XSS. This issue affects Timeline Block: from n/a through 1.1.1.
|
|||||
| CVE-2025-23845 | | | 2025-02-17 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 ImageMeta allows Reflected XSS. This issue affects ImageMeta: from n/a through 1.1.2.
|
|||||
| CVE-2025-23840 | | | 2025-02-17 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webjema WP-NOTCAPTCHA allows Reflected XSS. This issue affects WP-NOTCAPTCHA: from n/a through 1.3.1.
|
|||||
| CVE-2025-0354 | | | 2025-02-17 | N/A | 4.8 MEDIUM |
|
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows an attacker to inject an arbitrary script via the network.
|
|||||
| CVE-2025-26766 | | | 2025-02-16 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS. This issue affects Leyka: from n/a through 3.31.8.
|
|||||
| CVE-2025-26761 | | | 2025-02-16 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.5.
|
|||||
| CVE-2025-23975 | | | 2025-02-16 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Botnet Attack Blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through 2.0.0.
|
|||||
| CVE-2025-22689 | | | 2025-02-16 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Levan Tarbor Forex Calculators allows Stored XSS. This issue affects Forex Calculators: from n/a through 1.3.6.
|
|||||
| CVE-2025-22680 | | | 2025-02-16 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ad Inserter Pro allows Reflected XSS. This issue affects Ad Inserter Pro: from n/a through 2.7.39.
|
|||||
| CVE-2025-22676 | | | 2025-02-16 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin – Upcasted allows Stored XSS. This issue affects AWS S3 for WordPress Plugin – Upcasted: from n/a through 3.0.3.
|
|||||
| CVE-2025-22286 | | | 2025-02-16 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.21.
|
|||||
| CVE-2024-44044 | | | 2025-02-16 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Oshine Modules allows Reflected XSS. This issue affects Oshine Modules: from n/a through n/a.
|
|||||
| CVE-2025-1360 | | | 2025-02-16 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Affected is an unknown function of the file /crm/inicio.php of the component HTTP POST Request Handler. The manipulation of the argument msg_to leads to cross site scripting. It is possible to launch the attack remotely. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-1359 | | | 2025-02-16 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-1332 | | | 2025-02-16 | 3.3 LOW | 2.4 LOW |
|
A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html#/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
|
|||||
| CVE-2024-13563 | | | 2025-02-15 | N/A | 6.4 MEDIUM |
|
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2025-25304 | | | 2025-02-14 | N/A | N/A |
|
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the `vlSelectionTuples` function can be used to call JavaScript functions, leading to cross-site scripting. `vlSelectionTuples` calls multiple functions that can be controlled by an attacker, including one call with an attacker-controlled argument. This can be used to call `Function()` with arbitrary JavaScript and ...
|
|||||
| CVE-2020-19697 | 1 Ipandao | 1 Editor.md | 2025-02-14 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter.
|
|||||
| CVE-2024-3086 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2025-02-14 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679.
|
|||||
| CVE-2024-3091 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2025-02-14 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.
|
|||||
| CVE-2024-3090 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2025-02-14 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.
|
|||||
| CVE-2024-3084 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2025-02-14 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability.
|
|||||
| CVE-2022-47870 | 1 Red-gate | 1 Sql Monitor | 2025-02-14 | N/A | 6.1 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.
|
|||||
| CVE-2021-39350 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2025-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.
|
|||||
| CVE-2020-20521 | 1 Kitesky | 1 Kitecms | 2025-02-14 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.
|
|||||
| CVE-2020-19699 | 1 Kiftd Project | 1 Kiftd | 2025-02-14 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page.
|
|||||
| CVE-2020-19698 | 1 Ipandao | 1 Editor.md | 2025-02-14 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.
|
|||||
| CVE-2024-2127 | 1 Pagelayer | 1 Pagelayer | 2025-02-14 | N/A | 6.4 MEDIUM |
|
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-56463 | | | 2025-02-14 | N/A | 4.8 MEDIUM |
|
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2023-27089 | 1 Ehuacui-bbs Project | 1 Ehuacui-bbs | 2025-02-14 | N/A | 8.2 HIGH |
|
Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter.
|
|||||