Filtered by CWE-79
Total 45294 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-1062 1 Metaslider 1 Slider\, Gallery\, And Carousel 2025-04-08 3.5 Low
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-1203 1 Metaslider 1 Slider\, Gallery\, And Carousel 2025-04-08 3.5 Low
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2021-46872 1 Nim-lang 2 Nim, Nimforum 2025-04-07 6.1 Medium
An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)
CVE-2023-22911 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2025-04-07 6.1 Medium
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.
CVE-2022-48091 1 Hotel Management System Project 1 Hotel Management System 2025-04-07 5.4 Medium
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.
CVE-2025-25818 1 Emlog 1 Emlog 2025-04-07 5.1 Medium
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.
CVE-2025-25823 1 Emlog 1 Emlog 2025-04-07 7.3 High
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php.
CVE-2025-25825 1 Emlog 1 Emlog 2025-04-07 7.1 High
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.
CVE-2024-46226 1 Helpdeskz 1 Helpdeskz 2025-04-07 4.8 Medium
A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket.
CVE-2024-57423 1 Vishalmathur 1 Cloudclassroom-php Project 2025-04-07 6.1 Medium
A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.
CVE-2023-0300 1 Opencollective 1 Alf.io 2025-04-07 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.
CVE-2023-0301 1 Opencollective 1 Alf.io 2025-04-07 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301.
CVE-2023-0306 1 Phpmyfaq 1 Phpmyfaq 2025-04-07 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2024-30979 1 Phpgurukul 1 Cyber Cafe Management System 2025-04-07 5.9 Medium
Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php.
CVE-2022-43718 1 Apache 1 Superset 2025-04-07 5.4 Medium
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
CVE-2023-0289 1 Webcalendar Project 1 Webcalendar 2025-04-07 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
CVE-2023-0308 1 Phpmyfaq 1 Phpmyfaq 2025-04-07 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0309 1 Phpmyfaq 1 Phpmyfaq 2025-04-07 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0310 1 Phpmyfaq 1 Phpmyfaq 2025-04-07 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0312 1 Phpmyfaq 1 Phpmyfaq 2025-04-07 6.1 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.