Total: 37918 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0896 | 1 Accomplishtechnology | 1 Phpmydirectory | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter. | |||||
CVE-2006-2796 | 1 New-place | 1 Captivate | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. | |||||
CVE-2002-1700 | 2 Macromedia, Microsoft | 3 Coldfusion, Internet Information Services, Windows 2000 | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | |||||
CVE-2024-37798 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-04-03 | N/A | 5.9 MEDIUM |
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field. | |||||
CVE-2024-34796 | 1 Accessally | 1 Popupally | 2025-04-03 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS. This issue affects PopupAlly: from n/a through 2.1.1. | |||||
CVE-2025-27915 | 1 Zimbra | 1 Collaboration | 2025-04-02 | N/A | 5.4 MEDIUM |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a `<details>` tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration. | |||||
CVE-2025-27914 | 1 Zimbra | 1 Collaboration | 2025-04-02 | N/A | 5.4 MEDIUM |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token and involves a crafted URL with manipulated query parameters that triggers XSS when accessed by a victim. | |||||
CVE-2024-22880 | 1 Zadarma | 1 Zadarma | 2025-04-02 | N/A | 4.7 MEDIUM |
Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute arbitrary code via a crafted script to the webchat component. | |||||
CVE-2024-28803 | 1 Italtel | 1 I-mcs Nfv | 2025-04-02 | N/A | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter. | |||||
CVE-2024-57348 | 1 Pecanproject | 1 Pecan | 2025-04-02 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters. | |||||
CVE-2024-25876 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | |||||
CVE-2024-25875 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. | |||||
CVE-2024-25874 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. | |||||
CVE-2024-25974 | 1 Frentix | 1 Openolat | 2025-04-02 | N/A | 5.4 MEDIUM |
The Frentix GmbH OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload. | |||||
CVE-2024-32138 | 1 Kaizencoders | 1 Short Url | 2025-04-02 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Short URL allows Reflected XSS. This issue affects Short URL: from n/a through 1.6.8. | |||||
CVE-2024-32133 | 1 Ezplugins | 1 Ez Form Calculator | 2025-04-02 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Schuppenies EZ Form Calculator allows Reflected XSS. This issue affects EZ Form Calculator: from n/a through 2.14.0.3. | |||||
CVE-2024-10565 | 1 10web | 1 Slider | 2025-04-02 | N/A | 6.1 MEDIUM |
The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-10105 | 1 Blueglass | 1 Jobs For Wordpress | 2025-04-02 | N/A | 5.9 MEDIUM |
The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2023-24027 | 1 Misp | 1 Misp | 2025-04-02 | N/A | 6.1 MEDIUM |
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | |||||
CVE-2023-24026 | 1 Misp-project | 1 Misp | 2025-04-02 | N/A | 6.1 MEDIUM |
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. |