Total
45292 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10565 | 1 10web | 1 Slider | 2025-04-02 | 6.1 Medium |
| The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10105 | 1 Blueglass | 1 Jobs For Wordpress | 2025-04-02 | 5.9 Medium |
| The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-24027 | 1 Misp | 1 Misp | 2025-04-02 | 6.1 Medium |
| In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | ||||
| CVE-2023-24026 | 1 Misp-project | 1 Misp | 2025-04-02 | 6.1 Medium |
| In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. | ||||
| CVE-2022-41441 | 1 Reqlogic | 1 Reqlogic | 2025-04-02 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. | ||||
| CVE-2021-43446 | 1 Onlyoffice | 1 Server | 2025-04-02 | 6.1 Medium |
| ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used. | ||||
| CVE-2023-23951 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2025-04-02 | 6.1 Medium |
| Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | ||||
| CVE-2023-23950 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2025-04-02 | 6.1 Medium |
| User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. | ||||
| CVE-2023-23949 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2025-04-02 | 8.1 High |
| An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | ||||
| CVE-2022-4627 | 1 Sevenspark | 1 Shiftnav | 2025-04-02 | 5.4 Medium |
| The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
| CVE-2022-3572 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 9.3 Critical |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims. | ||||
| CVE-2023-0448 | 1 Matbao | 1 Wp Helper Premium | 2025-04-02 | 6.1 Medium |
| The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. | ||||
| CVE-2019-11291 | 3 Broadcom, Redhat, Vmware | 3 Rabbitmq Server, Openstack, Rabbitmq | 2025-04-02 | 4.8 Medium |
| Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. | ||||
| CVE-2025-0718 | 1 Kylephillips | 1 Nested Pages | 2025-04-02 | 4.8 Medium |
| The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-2645 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-04-02 | 3.5 Low |
| A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /product.php. The manipulation of the argument artname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1619 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | 4.8 Medium |
| The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1620 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | 4.8 Medium |
| The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1621 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | 4.8 Medium |
| The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1622 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | 3.5 Low |
| The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1623 | 1 Mooveagency | 1 Gdpr Cookie Compliance | 2025-04-02 | 3.5 Low |
| The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||