Total
37669 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4898 | 1 Octopus | 1 Octopus Server | 2025-03-27 | N/A | 5.4 MEDIUM |
| In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS | |||||
| CVE-2024-26299 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 6.6 MEDIUM |
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | |||||
| CVE-2024-26300 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 6.6 MEDIUM |
| A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | |||||
| CVE-2024-25399 | 1 Intelliants | 1 Subrion Cms | 2025-03-27 | N/A | 6.1 MEDIUM |
| Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php. | |||||
| CVE-2024-26281 | 1 Mozilla | 1 Firefox | 2025-03-27 | N/A | 4.7 MEDIUM |
| Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123. | |||||
| CVE-2023-39612 | 1 Filebrowser | 1 Filebrowser | 2025-03-27 | N/A | 9.0 CRITICAL |
| A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL. | |||||
| CVE-2025-30345 | 1 Openslides | 1 Openslides | 2025-03-27 | N/A | 3.5 LOW |
| An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when deleting chats or deleting messages in these chats. This potentially allows attackers to interfere with the layout of the rendered website, but it is unlikely that victims would click on deleted chats or deleted messages. | |||||
| CVE-2025-30342 | 1 Openslides | 1 Openslides | 2025-03-27 | N/A | 5.4 MEDIUM |
| An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly encoded when reflected; however, adding attributes to links is possible, which allows the injection of JavaScript via the onmouseover attribute and others. When a user moves the mouse over such a prepared link, JavaScript is executed in that user's session. | |||||
| CVE-2024-50053 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcentre Plus | 2025-03-27 | N/A | 6.3 MEDIUM |
| Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. | |||||
| CVE-2024-13739 | 1 Tribulant | 1 Newsletters | 2025-03-27 | N/A | 6.1 MEDIUM |
| The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link. | |||||
| CVE-2023-23022 | 1 Oretnom23 | 1 Employees Payroll Management System | 2025-03-26 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php. | |||||
| CVE-2024-45625 | 1 Incsub | 1 Forminator | 2025-03-26 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator. | |||||
| CVE-2024-39242 | 1 Skycaiji | 1 Skycaiji | 2025-03-26 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). | |||||
| CVE-2022-48085 | 1 Softr | 1 Softr | 2025-03-26 | N/A | 5.4 MEDIUM |
| Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter. | |||||
| CVE-2023-24197 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
| Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | |||||
| CVE-2023-24195 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
| Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | |||||
| CVE-2023-24194 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
| Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. | |||||
| CVE-2023-24192 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
| Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. | |||||
| CVE-2023-24191 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
| Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. | |||||
| CVE-2021-37373 | 1 Teradek | 2 Slice, Slice Firmware | 2025-03-26 | N/A | 5.4 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||