Vulnerabilities (CVE)

Filtered by CWE-79
Total 37590 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-1534 2025-04-07 N/A N/A
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows Remote Code Inclusion. This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
CVE-2025-2076 1 Gnarf 1 Binlayerpress 2025-04-07 N/A 4.4 MEDIUM
The binlayerpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2021-46872 1 Nim-lang 2 Nim, Nimforum 2025-04-07 N/A 6.1 MEDIUM
An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)
CVE-2023-22911 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2025-04-07 N/A 6.1 MEDIUM
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.
CVE-2022-48091 1 Hotel Management System Project 1 Hotel Management System 2025-04-07 N/A 5.4 MEDIUM
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.
CVE-2025-25818 1 Emlog 1 Emlog 2025-04-07 N/A 5.1 MEDIUM
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.
CVE-2025-25823 1 Emlog 1 Emlog 2025-04-07 N/A 7.3 HIGH
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php.
CVE-2025-25825 1 Emlog 1 Emlog 2025-04-07 N/A 7.1 HIGH
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title in the article category section.
CVE-2024-46226 1 Helpdeskz 1 Helpdeskz 2025-04-07 N/A 4.8 MEDIUM
A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket.
CVE-2024-57423 1 Vishalmathur 1 Cloudclassroom-php Project 2025-04-07 N/A 6.1 MEDIUM
A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.
CVE-2022-4486 1 Meteor Slides Project 1 Meteor Slides 2025-04-07 N/A 5.4 MEDIUM
The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2024-30979 1 Phpgurukul 1 Cyber Cafe Management System 2025-04-07 N/A 5.9 MEDIUM
Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php.
CVE-2022-43718 1 Apache 1 Superset 2025-04-07 N/A 5.4 MEDIUM
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
CVE-2024-51773 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-07 N/A 4.8 MEDIUM
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session.
CVE-2024-0902 1 Radykal 1 Fancy Product Designer 2025-04-07 N/A 4.8 MEDIUM
The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-53457 1 Librenms 1 Librenms 2025-04-07 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.
CVE-2025-28254 1 Leantime 1 Leantime 2025-04-07 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().
CVE-2024-32326 1 Totolink 2 Ex200, Ex200 Firmware 2025-04-07 N/A 6.8 MEDIUM
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.
CVE-2024-26495 1 Friendica 1 Friendica 2025-04-07 N/A 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12 allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.
CVE-2025-20203 2025-04-07 N/A 4.8 MEDIUM
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.