Total
37662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48311 | 1 Hp | 2 Deskjet 2540 A9u23b, Deskjet 2540 A9u23b Firmware | 2025-03-26 | N/A | 9.0 CRITICAL |
| **UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-27680 | 1 Flusity | 1 Flusity | 2025-03-26 | N/A | 6.1 MEDIUM |
| Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form." | |||||
| CVE-2024-10033 | 1 Redhat | 4 Ansible Automation Platform, Ansible Developer, Ansible Inside and 1 more | 2025-03-26 | N/A | 6.1 MEDIUM |
| A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data. | |||||
| CVE-2023-0174 | 1 Rextheme | 1 Wp Vr | 2025-03-25 | N/A | 5.4 MEDIUM |
| The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0149 | 1 Wordprezi Project | 1 Wordprezi | 2025-03-25 | N/A | 5.4 MEDIUM |
| The WordPrezi WordPress plugin before 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-0070 | 1 Responsivevoice | 1 Responsivevoice Text To Speech | 2025-03-25 | N/A | 5.4 MEDIUM |
| The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-4838 | 1 Codection | 1 Clean Login | 2025-03-25 | N/A | 5.4 MEDIUM |
| The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2023-23849 | 1 Synopsys | 1 Coverity | 2025-03-25 | N/A | 6.1 MEDIUM |
| Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C | |||||
| CVE-2025-29782 | 1 Wegia | 1 Wegia | 2025-03-25 | N/A | 5.4 MEDIUM |
| WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.2.17 contains a patch for the issue. | |||||
| CVE-2025-2325 | 1 Boopathirajan | 1 Wp Test Email | 2025-03-25 | N/A | 7.2 HIGH |
| The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-26318 | 1 Serenity | 1 Serenity | 2025-03-25 | N/A | 6.1 MEDIUM |
| Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character. | |||||
| CVE-2023-22849 | 1 Apache | 1 Sling Cms | 2025-03-25 | N/A | 6.1 MEDIUM |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 | |||||
| CVE-2025-29429 | 1 Fabianros | 1 Online Class And Exam Scheduling System | 2025-03-25 | N/A | 6.1 MEDIUM |
| Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/program.php via the id, code, and name parameters. | |||||
| CVE-2024-3992 | 1 Joshua Vandercar | 1 Amen | 2025-03-25 | N/A | 4.8 MEDIUM |
| The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-26279 | 1 Joomla | 1 Joomla\! | 2025-03-25 | N/A | 6.1 MEDIUM |
| The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | |||||
| CVE-2023-0150 | 1 Cloak Front End Email Project | 1 Cloak Front End Email | 2025-03-25 | N/A | 5.4 MEDIUM |
| The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-4860 | 1 Rebelcode | 1 Rss Aggregator | 2025-03-25 | N/A | 5.4 MEDIUM |
| The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter. | |||||
| CVE-2024-35167 | 1 Envothemes | 1 Envo\'s Elementor Templates \& Widgets For Woocommerce | 2025-03-25 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.8. | |||||
| CVE-2024-7790 | 1 Stitionai | 1 Devika | 2025-03-25 | N/A | 6.5 MEDIUM |
| A stored cross site scripting vulnerabilities exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. | |||||
| CVE-2024-7524 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-03-25 | N/A | 6.1 MEDIUM |
| Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | |||||