Total
37660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40101 | 1 Microweber | 1 Microweber | 2025-03-25 | N/A | 6.1 MEDIUM |
| A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter. | |||||
| CVE-2022-47419 | 1 Mayan-edms | 1 Mayan Edms | 2025-03-25 | N/A | 5.4 MEDIUM |
| An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. | |||||
| CVE-2022-47416 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | N/A | 5.4 MEDIUM |
| LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. | |||||
| CVE-2022-2094 | 1 Yellowyard | 1 Yellow Yard Searchbar | 2025-03-25 | N/A | 6.1 MEDIUM |
| The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting | |||||
| CVE-2025-20208 | 1 Cisco | 1 Telepresence Management Suite | 2025-03-25 | N/A | 4.6 MEDIUM |
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2023-0624 | 1 Orangescrum | 1 Orangescrum | 2025-03-24 | N/A | 6.1 MEDIUM |
| OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | |||||
| CVE-2023-24690 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | N/A | 5.4 MEDIUM |
| ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. | |||||
| CVE-2023-24687 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | N/A | 5.4 MEDIUM |
| Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. | |||||
| CVE-2023-24686 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | N/A | 4.8 MEDIUM |
| An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. | |||||
| CVE-2023-24322 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. | |||||
| CVE-2025-1261 | 1 Hasthemes | 1 Ht Mega | 2025-03-24 | N/A | 6.4 MEDIUM |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability exists due to an incomplete fix for CVE-2024-3307. | |||||
| CVE-2025-1287 | 1 Posimyth | 1 The Plus Addons For Elementor | 2025-03-24 | N/A | 6.4 MEDIUM |
| The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highlighter, and Page Scroll widgets in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-7976 | 1 Google | 1 Chrome | 2025-03-24 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-54540 | 2 Apple, Microsoft | 3 Music, Windows 10 22h2, Windows 11 24h2 | 2025-03-24 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app. | |||||
| CVE-2024-48821 | 2025-03-24 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component. | |||||
| CVE-2023-24234 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. | |||||
| CVE-2023-24233 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. | |||||
| CVE-2023-24232 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | |||||
| CVE-2023-24231 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. | |||||
| CVE-2023-24230 | 1 Formwork Project | 1 Formwork | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. | |||||