Total: 45256 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30417 | 1 Pearadmin | 1 Pear Admin Boot | 2025-02-03 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. | ||||
| CVE-2023-30267 | 1 Cltphp | 1 Cltphp | 2025-02-03 | 6.1 Medium |
| CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. | ||||
| CVE-2023-30177 | 1 Craftcms | 1 Craft Cms | 2025-02-03 | 6.1 Medium |
| CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker can inject JavaScript code into Volume Name. | ||||
| CVE-2023-30111 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2025-02-03 | 6.1 Medium |
| Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-30106 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2025-02-03 | 6.1 Medium |
| Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. | ||||
| CVE-2023-29836 | 1 Exelysis | 1 Exelysis Unified Communications Solution | 2025-02-03 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. | ||||
| CVE-2023-29442 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-03 | 6.1 Medium |
| Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | ||||
| CVE-2022-27979 | 1 Tooljet | 1 Tooljet | 2025-02-03 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. | ||||
| CVE-2024-38681 | 1 Wpthemespace | 1 Magical Addons For Elementor | 2025-02-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through 1.1.41. | ||||
| CVE-2024-38711 | 1 Ylefebvre | 1 Link Library | 2025-02-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.7.1. | ||||
| CVE-2024-37947 | 1 Themeum | 1 Tutor Lms | 2025-02-03 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.2. | ||||
| CVE-2024-41665 | 1 Ampache | 1 Ampache | 2025-02-03 | 5.5 Medium |
| Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions can set the Name field to `<svg onload=alert(8)>`. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the `democratic.php` file. Version 6.6.0 contains a patch for the issue. | ||||
| CVE-2024-28973 | 1 Dell | 9 Data Domain Operating System, Dd3300, Dd6400 and 6 more | 2025-02-03 | 5.9 Medium |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2023-30338 | 1 Emlog | 1 Emlog | 2025-01-31 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. | ||||
| CVE-2023-25292 | 1 Group-office | 1 Group Office | 2025-01-31 | 6.1 Medium |
| Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145 allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. | ||||
| CVE-2022-0209 | 1 Facebook-wall-and-social-integration Project | 1 Facebook-wall-and-social-integration | 2025-01-31 | 4.8 Medium |
| The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-0653 | 1 Cozmoslabs | 1 Profile Builder | 2025-01-31 | 6.1 Medium |
| The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 3.6.1. | ||||
| CVE-2022-0710 | 1 Draftpress | 1 Header Footer Code Manager | 2025-01-31 | 6.1 Medium |
| The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. | ||||
| CVE-2022-0683 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-31 | 6.1 Medium |
| The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 5.0.8. | ||||
| CVE-2021-39308 | 1 Woo-myghpay-payment-gateway Project | 1 Woo-myghpay-payment-gateway | 2025-01-31 | 6.1 Medium |
| The WooCommerce myghpay Payment Gateway WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 3.0. | ||||