Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24547 | 2025-01-24 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthias Wagner - FALKEmedia Caching Compatible Cookie Opt-In and JavaScript allows Stored XSS. This issue affects Caching Compatible Cookie Opt-In and JavaScript: from n/a through 0.0.10.
|
|||||
| CVE-2025-24542 | 2025-01-24 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icegram Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.31.
|
|||||
| CVE-2024-13590 | 1 Ayecode | 1 Ketchup Shortcodes | 2025-01-24 | N/A | 6.4 MEDIUM |
|
The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-2660 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2025-01-24 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-29029 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | N/A | 4.7 MEDIUM |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
|
|||||
| CVE-2023-29028 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | N/A | 4.7 MEDIUM |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
|
|||||
| CVE-2023-29027 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | N/A | 4.7 MEDIUM |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
|
|||||
| CVE-2023-29026 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | N/A | 4.7 MEDIUM |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
|
|||||
| CVE-2023-29022 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2025-01-24 | N/A | 4.7 MEDIUM |
|
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product
that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
|
|||||
| CVE-2024-4618 | 1 Exclusiveaddons | 1 Exclusive Addons For Elementor | 2025-01-24 | N/A | 6.4 MEDIUM |
|
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-2503 | 1 Exclusiveaddons | 1 Exclusive Addons For Elementor | 2025-01-24 | N/A | 6.4 MEDIUM |
|
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid Widget in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping on user supplied tags. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32557 is likely a duplicate of this issue.
|
|||||
| CVE-2024-3140 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-01-24 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915.
|
|||||
| CVE-2023-29983 | 1 Companymaps Project | 1 Companymaps | 2025-01-24 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel.
|
|||||
| CVE-2023-29808 | 1 Companymaps Project | 1 Companymaps | 2025-01-24 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code.
|
|||||
| CVE-2024-5920 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.
|
|||||
| CVE-2024-4553 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-01-24 | N/A | 6.4 MEDIUM |
|
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-4695 | 1 Moveaddons | 1 Move Addons For Elementor | 2025-01-24 | N/A | 6.4 MEDIUM |
|
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-4619 | 1 Elementor | 1 Website Builder | 2025-01-24 | N/A | 6.4 MEDIUM |
|
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-4876 | 1 Hasthemes | 1 Ht Mega | 2025-01-24 | N/A | 6.4 MEDIUM |
|
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-5025 | 1 Caseproof | 1 Memberpress | 2025-01-24 | N/A | 6.4 MEDIUM |
|
The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2025-23889 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FooGallery Captions allows Reflected XSS. This issue affects FooGallery Captions: from n/a through 1.0.2.
|
|||||
| CVE-2025-23888 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Page Extensions allows Reflected XSS. This issue affects Custom Page Extensions: from n/a through 0.6.
|
|||||
| CVE-2025-23885 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MJ Contact us allows Reflected XSS. This issue affects MJ Contact us: from n/a through 5.2.3.
|
|||||
| CVE-2025-23839 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Sticky Button allows Stored XSS. This issue affects Sticky Button: from n/a through 1.0.
|
|||||
| CVE-2025-23838 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bauernregeln allows Reflected XSS. This issue affects Bauernregeln: from n/a through 1.0.1.
|
|||||
| CVE-2025-23837 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound One Backend Language allows Reflected XSS. This issue affects One Backend Language: from n/a through 1.0.
|
|||||
| CVE-2025-23737 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Network-Favorites allows Reflected XSS. This issue affects Network-Favorites: from n/a through 1.1.
|
|||||
| CVE-2025-23734 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gigaom Sphinx allows Reflected XSS. This issue affects Gigaom Sphinx: from n/a through 0.1.
|
|||||
| CVE-2025-23711 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Quote me allows Reflected XSS. This issue affects Quote me: from n/a through 1.0.
|
|||||
| CVE-2025-23622 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CBX Accounting & Bookkeeping allows Reflected XSS. This issue affects CBX Accounting & Bookkeeping: from n/a through 1.3.14.
|
|||||
| CVE-2025-23621 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Causes – Donation Plugin allows Reflected XSS. This issue affects Causes – Donation Plugin: from n/a through 1.0.01.
|
|||||
| CVE-2025-23522 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in humanmade limited, Joe Hoyle, Tom Wilmott, Matthew Haines-Young HM Portfolio allows Reflected XSS. This issue affects HM Portfolio: from n/a through 1.1.1.
|
|||||
| CVE-2025-23427 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dovy Paukstys Redux Converter allows Reflected XSS. This issue affects Redux Converter: from n/a through 1.1.3.1.
|
|||||
| CVE-2025-22714 | 2025-01-24 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM MDJM Event Management allows Reflected XSS. This issue affects MDJM Event Management: from n/a through 1.7.5.5.
|
|||||
| CVE-2024-57370 | 2025-01-23 | N/A | 6.1 MEDIUM | ||
|
Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote attacker to obtain sensitive information via the w parameter.
|
|||||
| CVE-2023-32984 | 1 Jenkins | 1 Testng Results | 2025-01-23 | N/A | 5.4 MEDIUM |
|
Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.
|
|||||
| CVE-2024-1883 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | N/A | 6.3 MEDIUM |
|
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.
|
|||||
| CVE-2023-30124 | 1 Lavalite | 1 Lavalite | 2025-01-23 | N/A | 5.4 MEDIUM |
|
LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2024-1806 | 1 Properfraction | 1 Profilepress | 2025-01-23 | N/A | 6.4 MEDIUM |
|
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will ex ...
Show More |
|||||
| CVE-2024-1691 | 1 Themeisle | 1 Otter Blocks | 2025-01-23 | N/A | 6.1 MEDIUM |
|
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that the patch in 2.6.4 allows SVG upload ...
Show More |
|||||