Total
37729 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24275 | 2 Microsoft, Teamwire | 2 Windows, Teamwire | 2025-03-27 | N/A | 9.6 CRITICAL |
| Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function. | |||||
| CVE-2023-23021 | 1 Oretnom23 | 1 Pos - Point Of Sale System | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. | |||||
| CVE-2022-4828 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4793 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-4776 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4306 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. | |||||
| CVE-2024-35504 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt. | |||||
| CVE-2024-32077 | 1 Apache | 1 Airflow | 2025-03-27 | N/A | 5.4 MEDIUM |
| Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue. | |||||
| CVE-2024-28456 | 1 Campcodes | 1 Online Marriage Registration System | 2025-03-27 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form. | |||||
| CVE-2024-28403 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-03-27 | N/A | 5.4 MEDIUM |
| TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page. | |||||
| CVE-2024-28277 | 1 Remyandrade | 1 School Task Manager | 2025-03-27 | N/A | 6.1 MEDIUM |
| In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads. | |||||
| CVE-2024-23604 | 1 Cleancoder | 1 Fitnesse | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters. | |||||
| CVE-2023-45207 | 1 Zimbra | 1 Collaboration | 2025-03-27 | N/A | 6.1 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.) | |||||
| CVE-2023-39223 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. | |||||
| CVE-2023-0074 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0071 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-4835 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4834 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4792 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-4787 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||