Total
34466 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-30349 | | | 2025-03-28 | N/A | 7.2 HIGH |
Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025. | |||||
CVE-2025-31092 | | | 2025-03-28 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.4. | |||||
CVE-2025-31101 | | | 2025-03-27 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS. This issue affects VaultRE Contact Form 7: from n/a through 1.0. | |||||
CVE-2025-31031 | | | 2025-03-27 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager allows Stored XSS. This issue affects Job Colors for WP Job Manager: from n/a through 1.0.4. | |||||
CVE-2025-2878 | | | 2025-03-27 | 3.3 LOW | 2.4 LOW |
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database leads to cross site scripting. The attack can be launched remotely. Upgrading to version 13.0.179 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2025-26874 | | | 2025-03-27 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MemberSpace allows Reflected XSS. This issue affects MemberSpace: from n/a through 2.1.13. | |||||
CVE-2024-21724 | 1 Joomla | 1 Joomla! | 2025-03-27 | N/A | 6.1 MEDIUM |
Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions. | |||||
CVE-2025-2361 | | | 2025-03-27 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-35362 | | | 2025-03-27 | N/A | 5.4 MEDIUM |
Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php. | |||||
CVE-2024-34899 | | | 2025-03-27 | N/A | 5.4 MEDIUM |
WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2024-33307 | | | 2025-03-27 | N/A | 5.4 MEDIUM |
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User. | |||||
CVE-2024-29419 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-03-27 | N/A | 5.4 MEDIUM |
There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. | |||||
CVE-2024-28156 | 1 Jenkins | 1 Build Monitor View | 2025-03-27 | N/A | 5.4 MEDIUM |
Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views. | |||||
CVE-2024-26454 | | | 2025-03-27 | N/A | 5.4 MEDIUM |
A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php. | |||||
CVE-2024-24389 | 1 Xunruicms | 1 Xunruicms | 2025-03-27 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter. | |||||
CVE-2024-24276 | 1 Teamwire | 1 Teamwire | 2025-03-27 | N/A | 9.6 CRITICAL |
Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components. | |||||
CVE-2024-24275 | 2 Microsoft, Teamwire | 2 Windows, Teamwire | 2025-03-27 | N/A | 9.6 CRITICAL |
Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function. | |||||
CVE-2023-23021 | 1 Oretnom23 | 1 Pos - Point Of Sale System | 2025-03-27 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. | |||||
CVE-2022-4828 | | | 2025-03-27 | N/A | 5.4 MEDIUM |
The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4793 | | | 2025-03-27 | N/A | 5.4 MEDIUM |
The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. |