Total
37565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25876 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | |||||
| CVE-2024-25875 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. | |||||
| CVE-2024-25874 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. | |||||
| CVE-2024-25974 | 1 Frentix | 1 Openolat | 2025-04-02 | N/A | 5.4 MEDIUM |
| The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload. | |||||
| CVE-2024-32138 | 1 Kaizencoders | 1 Short Url | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Short URL allows Reflected XSS.This issue affects Short URL: from n/a through 1.6.8. | |||||
| CVE-2024-32133 | 1 Ezplugins | 1 Ez Form Calculator | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Schuppenies EZ Form Calculator allows Reflected XSS.This issue affects EZ Form Calculator: from n/a through 2.14.0.3. | |||||
| CVE-2024-10565 | 1 10web | 1 Slider | 2025-04-02 | N/A | 6.1 MEDIUM |
| The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-10105 | 1 Blueglass | 1 Jobs For Wordpress | 2025-04-02 | N/A | 5.9 MEDIUM |
| The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2023-24027 | 1 Misp | 1 Misp | 2025-04-02 | N/A | 6.1 MEDIUM |
| In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | |||||
| CVE-2023-24026 | 1 Misp-project | 1 Misp | 2025-04-02 | N/A | 6.1 MEDIUM |
| In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. | |||||
| CVE-2022-41441 | 1 Reqlogic | 1 Reqlogic | 2025-04-02 | N/A | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. | |||||
| CVE-2021-43446 | 1 Onlyoffice | 1 Server | 2025-04-02 | N/A | 6.1 MEDIUM |
| ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used. | |||||
| CVE-2025-26054 | 2025-04-02 | N/A | 5.4 MEDIUM | ||
| Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the "Description" field during LAN configuration. | |||||
| CVE-2023-23951 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2025-04-02 | N/A | 6.1 MEDIUM |
| Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | |||||
| CVE-2023-23950 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2025-04-02 | N/A | 6.1 MEDIUM |
| User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. | |||||
| CVE-2023-23949 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2025-04-02 | N/A | 5.4 MEDIUM |
| An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | |||||
| CVE-2022-4627 | 1 Sevenspark | 1 Shiftnav | 2025-04-02 | N/A | 5.4 MEDIUM |
| The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-3572 | 1 Gitlab | 1 Gitlab | 2025-04-02 | N/A | 9.3 CRITICAL |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims. | |||||
| CVE-2024-32140 | 1 Libsyn | 1 Libsyn Publisher Hub | 2025-04-02 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Libsyn Libsyn Publisher Hub allows Stored XSS.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. | |||||
| CVE-2024-32145 | 1 Wpgoaltracker | 1 Wp Google Analytics Events | 2025-04-02 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PineWise WP Google Analytics Events allows Reflected XSS.This issue affects WP Google Analytics Events: from n/a through 2.8.0. | |||||