Total: 37660 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-47227 | 1 Iredmail | 1 Iredadmin | 2025-03-25 | N/A | 6.1 MEDIUM |
iRedAdmin before 2.6 allows XSS, e.g., via order_name. | |||||
CVE-2023-23026 | 1 Simple Sales Management System Project | 1 Simple Sales Management System | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. | |||||
CVE-2023-23011 | 1 Invoiceplane | 1 Invoiceplane | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. | |||||
CVE-2022-47418 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | N/A | 5.4 MEDIUM |
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments. | |||||
CVE-2022-47417 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | N/A | 5.4 MEDIUM |
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name. | |||||
CVE-2022-47415 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | N/A | 5.4 MEDIUM |
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). | |||||
CVE-2022-47414 | 1 Openkm | 1 Openkm | 2025-03-25 | N/A | 5.4 MEDIUM |
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. | |||||
CVE-2022-47413 | 1 Openkm | 1 Openkm | 2025-03-25 | N/A | 5.4 MEDIUM |
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. | |||||
CVE-2022-47412 | 1 Onlyoffice | 1 Workspace | 2025-03-25 | N/A | 5.4 MEDIUM |
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition. | |||||
CVE-2022-45755 | 1 Eyoucms | 1 Eyoucms | 2025-03-25 | N/A | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. | |||||
CVE-2025-23199 | 1 Librenms | 1 Librenms | 2025-03-25 | N/A | 4.6 MEDIUM |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-23200 | 1 Librenms | 1 Librenms | 2025-03-25 | N/A | 4.6 MEDIUM |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-23201 | 1 Librenms | 1 Librenms | 2025-03-25 | N/A | 5.4 MEDIUM |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters: `/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-10867 | 1 Visualmodo | 1 Borderless | 2025-03-25 | N/A | 5.4 MEDIUM |
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
CVE-2019-4431 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888. | |||||
CVE-2018-1951 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 3.5 LOW | 5.4 MEDIUM |
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494. | |||||
CVE-2018-1534 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432. | |||||
CVE-2018-1533 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142431. | |||||
CVE-2018-1657 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 3.5 LOW | 5.4 MEDIUM |
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144883. | |||||
CVE-2021-39015 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-25 | N/A | 5.4 MEDIUM |
IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655. |