Total: 34530 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22344 | 1 Ibm | 1 Txseries For Multiplatform | 2025-03-28 | N/A | 6.1 MEDIUM |
IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191. | |||||
CVE-2024-11993 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-03-28 | N/A | 6.1 MEDIUM |
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field | |||||
CVE-2024-0820 | 1 Blueglass | 1 Jobs For Wordpress | 2025-03-28 | N/A | 5.4 MEDIUM |
The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2022-44024 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. | |||||
CVE-2025-2163 | 1 Zoorum | 1 Zoorum Comments | 2025-03-28 | N/A | 6.1 MEDIUM |
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-57686 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter. | |||||
CVE-2024-34243 | | | 2025-03-28 | N/A | 5.4 MEDIUM |
Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. | |||||
CVE-2024-34089 | 1 Archerirm | 1 Archer | 2025-03-28 | N/A | 7.3 HIGH |
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release. | |||||
CVE-2024-33998 | | | 2025-03-28 | N/A | 5.4 MEDIUM |
Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features. | |||||
CVE-2024-28401 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-03-28 | N/A | 5.4 MEDIUM |
TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. | |||||
CVE-2024-27668 | 1 Flusity | 1 Flusity | 2025-03-28 | N/A | 6.1 MEDIUM |
Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.' | |||||
CVE-2024-26284 | 1 Mozilla | 1 Firefox Focus | 2025-03-28 | N/A | 6.1 MEDIUM |
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123. | |||||
CVE-2024-25436 | 1 Sfu | 1 Open Journal Systems | 2025-03-28 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. | |||||
CVE-2023-33528 | 1 Halo | 1 Halo | 2025-03-28 | N/A | 6.1 MEDIUM |
halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-44029 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6. | |||||
CVE-2022-44025 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6. | |||||
CVE-2025-24746 | 1 Code-atlantic | 1 Popup Maker | 2025-03-28 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2. | |||||
CVE-2025-23057 | 1 Arubanetworks | 1 Fabric Composer | 2025-03-28 | N/A | 5.5 MEDIUM |
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. | |||||
CVE-2025-23056 | 1 Arubanetworks | 1 Fabric Composer | 2025-03-28 | N/A | 5.5 MEDIUM |
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. | |||||
CVE-2025-23055 | 1 Arubanetworks | 1 Fabric Composer | 2025-03-28 | N/A | 5.5 MEDIUM |
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. |