Total: 37758 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-11974 | 1 Davidlingren | 1 Media Library Assistant | 2025-03-31 | N/A | 6.1 MEDIUM |
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'smc_settings_tab', 'unattachfixit-action', and 'woofixit-action' parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2013-0203 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php. | |||||
CVE-2013-0202 | 1 Owncloud | 1 Owncloud Server | 2025-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php. | |||||
CVE-2024-5739 | | | 2025-03-29 | N/A | 6.1 MEDIUM |
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher. | |||||
CVE-2024-25865 | 1 Anzhiyu-c | 1 Hexo-theme-anzhiyu | 2025-03-29 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function. | |||||
CVE-2024-25435 | 1 Md1health | 1 Md1patient | 2025-03-29 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter. | |||||
CVE-2024-35621 | | | 2025-03-28 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field. | |||||
CVE-2024-23349 | 1 Apache | 1 Answer | 2025-03-28 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack. Users are recommended to upgrade to version [1.2.5], which fixes the issue. | |||||
CVE-2024-22344 | 1 Ibm | 1 Txseries For Multiplatform | 2025-03-28 | N/A | 6.1 MEDIUM |
IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191. | |||||
CVE-2024-11993 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-03-28 | N/A | 6.1 MEDIUM |
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field. | |||||
CVE-2024-0820 | 1 Blueglass | 1 Jobs For Wordpress | 2025-03-28 | N/A | 5.4 MEDIUM |
The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-44024 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. | |||||
CVE-2025-2163 | 1 Zoorum | 1 Zoorum Comments | 2025-03-28 | N/A | 6.1 MEDIUM |
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-57686 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter. | |||||
CVE-2024-34089 | 1 Archerirm | 1 Archer | 2025-03-28 | N/A | 7.3 HIGH |
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release. | |||||
CVE-2024-28401 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-03-28 | N/A | 5.4 MEDIUM |
TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. | |||||
CVE-2024-27668 | 1 Flusity | 1 Flusity | 2025-03-28 | N/A | 6.1 MEDIUM |
Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.' | |||||
CVE-2024-26284 | 1 Mozilla | 1 Firefox Focus | 2025-03-28 | N/A | 6.1 MEDIUM |
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123. | |||||
CVE-2024-25436 | 1 Sfu | 1 Open Journal Systems | 2025-03-28 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. | |||||
CVE-2023-33528 | 1 Halo | 1 Halo | 2025-03-28 | N/A | 6.1 MEDIUM |
halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). |