Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29713 | 1 Vadesecure | 1 Secure Gateway | 2025-01-06 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory.
|
|||||
| CVE-2023-29712 | 1 Vadesecure | 1 Secure Gateway | 2025-01-06 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter.
|
|||||
| CVE-2024-13034 | 1 Code-projects | 1 Chat System | 2025-01-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-13075 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. This vulnerability affects unknown code of the file /admin/add-propertytype.php. The manipulation of the argument Land Property Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-13076 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-13077 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/add-property.php. The manipulation of the argument Land Subtype leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-13081 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in PHPGurukul Land Record System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/contactus.php. The manipulation of the argument Page Description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-13082 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in PHPGurukul Land Record System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/search-property.php. The manipulation of the argument Search By leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-13083 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument Admin Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0220 | 2025-01-05 | 3.3 LOW | 2.4 LOW | ||
|
A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-0219 | 2025-01-05 | 3.3 LOW | 2.4 LOW | ||
|
A vulnerability, which was classified as problematic, has been found in Trimble SPS851 488.01. Affected by this issue is some unknown functionality of the component Receiver Status Identity Tab. The manipulation of the argument System Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-12221 | 2025-01-04 | N/A | 6.1 MEDIUM | ||
|
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-12701 | 2025-01-04 | N/A | 6.1 MEDIUM | ||
|
The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2023-24469 | 1 Microfocus | 1 Arcsight Logger | 2025-01-03 | N/A | 6.1 MEDIUM |
|
Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0
|
|||||
| CVE-2024-49664 | 1 Chatplus | 1 Chatplusjp | 2025-01-03 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in allows Reflected XSS.This issue affects chatplusjp: from n/a through 1.02.
|
|||||
| CVE-2025-21610 | 2025-01-03 | N/A | 5.3 MEDIUM | ||
|
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy&paste a malicious `javascript:` URL as a link that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. Users should upgrade to Trix editor ...
Show More |
|||||
| CVE-2021-31280 | 1 Tp5cms Project | 1 Tp5cms | 2025-01-03 | N/A | 6.1 MEDIUM |
|
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter.
|
|||||
| CVE-2020-22402 | 1 Alinto | 1 Sogo Web Mail | 2025-01-03 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code.
|
|||||
| CVE-2024-46976 | 1 Linuxfoundation | 1 Backstage | 2025-01-03 | N/A | 6.5 MEDIUM |
|
Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2024-32479 | 1 Librenms | 1 Librenms | 2025-01-02 | N/A | 7.1 HIGH |
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.
|
|||||
| CVE-2024-29029 | 1 Usememos | 1 Memos | 2025-01-02 | N/A | 6.1 MEDIUM |
|
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.
|
|||||
| CVE-2024-2072 | 1 Remyandrade | 1 Flashcard Quiz App | 2025-01-02 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of the argument question/answer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255387.
|
|||||
| CVE-2024-48197 | 2025-01-02 | N/A | 4.7 MEDIUM | ||
|
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
|
|||||
| CVE-2023-35144 | 1 Jenkins | 1 Maven Repository Server | 2025-01-02 | N/A | 5.4 MEDIUM |
|
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2023-35143 | 1 Jenkins | 1 Maven Repository Server | 2025-01-02 | N/A | 5.4 MEDIUM |
|
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`.
|
|||||
| CVE-2023-35145 | 1 Jenkins | 1 Sonargraph Integration | 2025-01-02 | N/A | 5.4 MEDIUM |
|
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.
|
|||||
| CVE-2024-56352 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
|
|||||
| CVE-2024-56355 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
|
|||||
| CVE-2024-11111 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-11110 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
|
|||||
| CVE-2024-11115 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)
|
|||||
| CVE-2024-11116 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-11117 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-43926 | 1 Fastlinemedia | 1 Beaver Builder | 2025-01-02 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Reflected XSS.This issue affects Beaver Builder: from n/a through 2.8.3.2.
|
|||||
| CVE-2024-0871 | 1 Fastlinemedia | 1 Beaver Builder | 2025-01-02 | N/A | 5.4 MEDIUM |
|
The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-0896 | 1 Fastlinemedia | 1 Beaver Builder | 2025-01-02 | N/A | 6.4 MEDIUM |
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-0897 | 1 Fastlinemedia | 1 Beaver Builder | 2025-01-02 | N/A | 6.4 MEDIUM |
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-1038 | 1 Fastlinemedia | 1 Beaver Builder | 2025-01-02 | N/A | 5.4 MEDIUM |
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-1074 | 1 Fastlinemedia | 1 Beaver Builder | 2025-01-02 | N/A | 6.4 MEDIUM |
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-1080 | 1 Fastlinemedia | 1 Beaver Builder | 2025-01-02 | N/A | 6.4 MEDIUM |
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||