Total
37734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31470 | 2025-03-28 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Page Takeover allows Stored XSS. This issue affects Page Takeover: from n/a through 1.1.6. | |||||
| CVE-2025-31473 | 2025-03-28 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer allows Stored XSS. This issue affects WP Database Optimizer: from n/a through 1.2.1.3. | |||||
| CVE-2025-31451 | 2025-03-28 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevinweber wBounce allows Stored XSS. This issue affects wBounce: from n/a through 1.8.1. | |||||
| CVE-2025-2868 | 2025-03-28 | N/A | N/A | ||
| Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php. | |||||
| CVE-2025-31472 | 2025-03-28 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michele Marri Flatty allows Stored XSS. This issue affects Flatty: from n/a through 2.0.0. | |||||
| CVE-2025-31096 | 2025-03-28 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25. | |||||
| CVE-2025-31450 | 2025-03-28 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phantom.omaga Toggle Box allows Stored XSS. This issue affects Toggle Box: from n/a through 1.6. | |||||
| CVE-2025-2869 | 2025-03-28 | N/A | N/A | ||
| Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manage_user.php. | |||||
| CVE-2025-31464 | 2025-03-28 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color allows Stored XSS. This issue affects Text Selection Color: from n/a through 1.6. | |||||
| CVE-2024-12772 | 1 Wpmanageninja | 1 Ninja Tables | 2025-03-28 | N/A | 5.4 MEDIUM |
| The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability. | |||||
| CVE-2024-57175 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-03-28 | N/A | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php. | |||||
| CVE-2024-25898 | 1 Churchcrm | 1 Churchcrm | 2025-03-28 | N/A | 6.1 MEDIUM |
| A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php. | |||||
| CVE-2023-22971 | 1 Hughes | 10 Hn7000s, Hn7000s Firmware, Hn9460 and 7 more | 2025-03-28 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. | |||||
| CVE-2024-44918 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 3.5 LOW |
| A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2024-12983 | 1 Fabianros | 1 Hospital Management System | 2025-03-28 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the argument Doctor Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-29474 | 1 Zhyd | 1 Oneblog | 2025-03-28 | N/A | 5.4 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. | |||||
| CVE-2024-29470 | 1 Zhyd | 1 Oneblog | 2025-03-28 | N/A | 6.1 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. | |||||
| CVE-2024-29469 | 1 Zhyd | 1 Oneblog | 2025-03-28 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. | |||||
| CVE-2024-55100 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2025-03-28 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter. | |||||
| CVE-2024-1588 | 1 Pressified | 1 Sendpress | 2025-03-28 | N/A | 6.8 MEDIUM |
| The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||