Total
37242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0447 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
| Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-0443 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
| Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2020-36607 | 1 Feehi | 1 Feehicms | 2025-04-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | |||||
| CVE-2020-20589 | 1 Feehi | 1 Feehicms | 2025-04-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | |||||
| CVE-2021-39428 | 1 Eyoucms | 1 Eyoucms | 2025-04-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | |||||
| CVE-2021-39427 | 1 Vtimecn | 1 188jianzhan | 2025-04-21 | N/A | 5.4 MEDIUM |
| Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php. | |||||
| CVE-2021-36573 | 1 Feehi | 1 Feehicms | 2025-04-21 | N/A | 5.4 MEDIUM |
| File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload. | |||||
| CVE-2021-36572 | 1 Feehi | 1 Feehicms | 2025-04-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page. | |||||
| CVE-2025-29015 | 1 Codeastro | 1 Internet Banking System | 2025-04-21 | N/A | 6.1 MEDIUM |
| Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php. | |||||
| CVE-2022-40004 | 1 Thingsboard | 1 Thingsboard | 2025-04-21 | N/A | 9.6 CRITICAL |
| Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log. | |||||
| CVE-2024-56409 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-21 | N/A | 5.4 MEDIUM |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Currency.php` file. Using the `/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | |||||
| CVE-2024-12717 | 1 Aklamator | 1 Infeed | 2025-04-21 | N/A | 4.8 MEDIUM |
| The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-12731 | 1 Aklamator | 1 Infeed | 2025-04-21 | N/A | 6.1 MEDIUM |
| The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-55341 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-04-21 | N/A | 4.7 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload. | |||||
| CVE-2024-54774 | 1 Dcatadmin | 1 Dcat Admin | 2025-04-21 | N/A | 4.8 MEDIUM |
| Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create. | |||||
| CVE-2024-56365 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-21 | N/A | 5.4 MEDIUM |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the constructor of the `Downloader` class. Using the `/vendor/phpoffice/phpspreadsheet/samples/download.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | |||||
| CVE-2024-56366 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-21 | N/A | 5.4 MEDIUM |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Accounting.php` file. Using the `/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | |||||
| CVE-2024-42195 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-21 | N/A | 3.1 LOW |
| HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | |||||
| CVE-2022-40002 | 1 Feehi | 1 Feehicms | 2025-04-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify. | |||||
| CVE-2022-40001 | 1 Feehi | 1 Feehicms | 2025-04-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page. | |||||