Total: 2931 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-46449 | | | 2025-04-29 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips allows Stored XSS. This issue affects WoWHead Tooltips: from n/a through 2.0.1. | |||||
CVE-2025-46499 | | | 2025-04-29 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout allows Stored XSS. This issue affects PayPal Express Checkout: from n/a through 2.1.2. | |||||
CVE-2025-46502 | | | 2025-04-29 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta allows Cross Site Request Forgery. This issue affects LSD Custom taxonomy and category meta: from n/a through 1.3.2. | |||||
CVE-2025-39397 | | | 2025-04-29 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Anything Popup allows Reflected XSS. This issue affects Anything Popup: from n/a through 7.3. | |||||
CVE-2023-37534 | | | 2025-04-29 | N/A | 7.1 HIGH |
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | |||||
CVE-2025-39382 | | | 2025-04-29 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1. | |||||
CVE-2022-45020 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 8.8 HIGH |
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
CVE-2024-41357 | 1 Phpipam | 1 Phpipam | 2025-04-23 | N/A | 7.1 HIGH |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. | |||||
CVE-2024-41353 | 1 Phpipam | 1 Phpipam | 2025-04-23 | N/A | 7.1 HIGH |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php | |||||
CVE-2024-41354 | 1 Phpipam | 1 Phpipam | 2025-04-23 | N/A | 7.1 HIGH |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php | |||||
CVE-2024-45799 | 1 Rathena | 1 Fluxcp | 2025-04-23 | N/A | 7.3 HIGH |
FluxCP is a web-based Control Panel for rAthena servers written in PHP. JavaScript injection is possible via the venders/buyers list pages and shop names, which are currently not sanitized. This allows executing arbitrary JavaScript code in the user's browser just by visiting the shop pages. As a result, all users logged in to FluxCP can have their session info stolen. This issue has been addressed in release version 1.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-28199 | 1 Phlex | 1 Phlex | 2025-04-23 | N/A | 7.1 HIGH |
phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. If you splat user-provided attributes when rendering any HTML tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. Patches are available on RubyGems for all 1.x minor versions. Users are advised to upgrade. Users unable to upgrade should consider configuring a content security policy that does not allow `unsafe-inline`. | |||||
CVE-2023-37519 | 1 Hcltech | 1 Bigfix Platform | 2025-04-23 | N/A | 7.7 HIGH |
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. | |||||
CVE-2023-0603 | 1 Sloth Logo Customizer Project | 1 Sloth Logo Customizer | 2025-04-23 | N/A | 8.8 HIGH |
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | |||||
CVE-2025-29471 | 1 Nagios | 1 Log Server | 2025-04-23 | N/A | 8.3 HIGH |
Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. | |||||
CVE-2024-40507 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function. | |||||
CVE-2024-40508 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. | |||||
CVE-2024-40511 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. | |||||
CVE-2024-40512 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. | |||||
CVE-2024-40506 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. |