Total: 37750 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43532 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | N/A | 8.0 HIGH |
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
CVE-2022-43524 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-04-10 | N/A | 8.7 HIGH |
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned. | |||||
CVE-2022-38723 | 1 Gravitee | 1 Api Management | 2025-04-10 | N/A | 8.6 HIGH |
Gravitee API Management before 3.15.13 allows path traversal through HTML injection. | |||||
CVE-2021-46026 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | 3.5 LOW | 5.4 MEDIUM |
mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management. | |||||
CVE-2025-22649 | 1 Wedevs | 1 Wp Project Manager | 2025-04-10 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS. This issue affects WP Project Manager: from n/a through 2.6.22. | |||||
CVE-2022-42710 | 1 Niceforyou | 2 Linear Emerge E3 Access Control, Linear Emerge E3 Access Control Firmware | 2025-04-10 | N/A | 5.4 MEDIUM |
Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS). | |||||
CVE-2025-30362 | 1 Wegia | 1 Wegia | 2025-04-10 | N/A | 5.4 MEDIUM |
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.8 fixes the issue. | |||||
CVE-2025-30363 | 1 Wegia | 1 Wegia | 2025-04-10 | N/A | 5.4 MEDIUM |
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.6 fixes the issue. | |||||
CVE-2025-30366 | 1 Wegia | 1 Wegia | 2025-04-10 | N/A | 5.4 MEDIUM |
WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.8 fixes the issue. | |||||
CVE-2024-8444 | 1 W3eden | 1 Download Manager | 2025-04-10 | N/A | 5.4 MEDIUM |
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of its shortcode parameters, leading to cross-site scripting. | |||||
CVE-2025-29719 | 1 Remyandrade | 1 Employee Management System | 2025-04-10 | N/A | 6.1 MEDIUM |
SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add_employee.php via the First Name and Address text fields. | |||||
CVE-2024-31649 | 1 Oretnom23 | 1 Cosmetics And Beauty Product Online Store | 2025-04-10 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | |||||
CVE-2024-31650 | 1 Oretnom23 | 1 Cosmetics And Beauty Product Online Store | 2025-04-10 | N/A | 9.6 CRITICAL |
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. | |||||
CVE-2024-31652 | 1 Oretnom23 | 1 Cosmetics And Beauty Product Online Store | 2025-04-10 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. | |||||
CVE-2024-4372 | 1 Majeedraza | 1 Carousel Slider | 2025-04-10 | N/A | 5.4 MEDIUM |
The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks. | |||||
CVE-2025-1663 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-04-10 | N/A | 6.4 MEDIUM |
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-3703 | 1 Majeedraza | 1 Carousel Slider | 2025-04-10 | N/A | 4.7 MEDIUM |
The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embedded, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-5883 | 1 Webcodingplace | 1 Ultimate Classified Listings | 2025-04-10 | N/A | 4.7 MEDIUM |
The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. | |||||
CVE-2024-6529 | 1 Webcodingplace | 1 Ultimate Classified Listings | 2025-04-10 | N/A | 7.1 HIGH |
The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. | |||||
CVE-2024-30986 | 1 Phpgurukul | 1 Client Management System | 2025-04-10 | N/A | 6.5 MEDIUM |
Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "price" and "sname" parameters. |