Total
45294 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0313 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0314 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0323 | 1 Pimcore | 1 Pimcore | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. | ||||
| CVE-2024-51773 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | 4.8 Medium |
| A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session. | ||||
| CVE-2024-0902 | 1 Radykal | 1 Fancy Product Designer | 2025-04-07 | 4.3 Medium |
| The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-53457 | 1 Librenms | 1 Librenms | 2025-04-07 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter. | ||||
| CVE-2025-28254 | 1 Leantime | 1 Leantime | 2025-04-07 | 5.4 Medium |
| Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions(). | ||||
| CVE-2024-32326 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-04-07 | 6.8 Medium |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. | ||||
| CVE-2024-26495 | 1 Friendica | 1 Friendica | 2025-04-07 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function. | ||||
| CVE-2023-29839 | 1 Digitaldruid | 1 Hoteldruid | 2025-04-07 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. | ||||
| CVE-2025-28094 | 1 Shopxo | 1 Shopxo | 2025-04-07 | 6.5 Medium |
| shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. | ||||
| CVE-2025-28097 | 1 Onenav | 1 Onenav | 2025-04-07 | 5.5 Medium |
| OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers. | ||||
| CVE-2022-47373 | 1 Pandorafms | 1 Pandora Fms | 2025-04-04 | 6.4 Medium |
| Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload. | ||||
| CVE-2022-40704 | 1 Phoronix-media | 1 Phoronix Test Suite | 2025-04-04 | 6.1 Medium |
| A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite. | ||||
| CVE-2024-51994 | 1 Combodo | 1 Itop | 2025-04-04 | 7.1 High |
| Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some java script in the portal will trigger an Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-50991 | 1 Phpgurukul | 1 User Management System | 2025-04-04 | 4.8 Medium |
| A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter | ||||
| CVE-2022-4480 | 1 Holithemes | 1 Click To Chat | 2025-04-04 | 5.4 Medium |
| The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
| CVE-2023-0337 | 1 Daloradius | 1 Daloradius | 2025-04-04 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | ||||
| CVE-2023-0338 | 1 Daloradius | 1 Daloradius | 2025-04-04 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. | ||||
| CVE-2023-23637 | 1 Unistra | 1 Impatient | 2025-04-04 | 7.6 High |
| IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information. | ||||