Total: 37664 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7790 | 1 Stitionai | 1 Devika | 2025-03-25 | N/A | 6.5 MEDIUM |
A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. | |||||
CVE-2024-7524 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-03-25 | N/A | 6.1 MEDIUM |
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | |||||
CVE-2024-48706 | 1 O-dyn | 1 Collabtive | 2025-03-25 | N/A | 5.4 MEDIUM |
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. | |||||
CVE-2024-47048 | 1 Rocket.chat | 1 Rocket.chat | 2025-03-25 | N/A | 5.4 MEDIUM |
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. | |||||
CVE-2024-46934 | 1 Rocket.chat | 1 Rocket.chat | 2025-03-25 | N/A | 6.1 MEDIUM |
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload. | |||||
CVE-2024-46372 | 1 Dedecms | 1 Dedecms | 2025-03-25 | N/A | 6.1 MEDIUM |
DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. | |||||
CVE-2024-45836 | 1 Planex | 10 Cs-qr10, Cs-qr10 Firmware, Cs-qr20 and 7 more | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user. | |||||
CVE-2024-43025 | 1 Rws | 1 Multitrans | 2025-03-25 | N/A | 6.1 MEDIUM |
An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail. | |||||
CVE-2024-43024 | 1 Rws | 1 Multitrans | 2025-03-25 | N/A | 6.1 MEDIUM |
Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-41482 | 1 Typora | 1 Typora | 2025-03-25 | N/A | 6.1 MEDIUM |
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. | |||||
CVE-2024-40785 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-03-25 | N/A | 6.1 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
CVE-2024-34312 | 1 Moodle | 1 Virtual Programming Lab | 2025-03-25 | N/A | 6.1 MEDIUM |
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. | |||||
CVE-2024-33536 | 1 Zimbra | 1 Collaboration | 2025-03-25 | N/A | 5.4 MEDIUM |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed. | |||||
CVE-2024-28710 | 1 Limesurvey | 1 Limesurvey | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. | |||||
CVE-2024-28709 | 1 Limesurvey | 1 Limesurvey | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. | |||||
CVE-2024-28153 | 1 Jenkins | 1 Owasp Dependency-check | 2025-03-25 | N/A | 5.4 MEDIUM |
Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
CVE-2024-21729 | 1 Joomla | 1 Joomla! | 2025-03-25 | N/A | 6.1 MEDIUM |
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | |||||
CVE-2024-1434 | 1 Jordymeow | 1 Media Alt Renamer | 2025-03-25 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS. This issue affects Media Alt Renamer: from n/a through 0.0.1. | |||||
CVE-2024-26490 | 1 Flusity | 1 Flusity | 2025-03-25 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | |||||
CVE-2024-26491 | 1 Flusity | 1 Flusity | 2025-03-25 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field. |