Vulnerabilities (CVE)

Filtered by CWE-79
Total 37647 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41481 1 Typora 1 Typora 2025-03-20 N/A 6.1 MEDIUM
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component.
CVE-2024-37392 1 Smseagle 1 Smseagle 2025-03-20 N/A 6.1 MEDIUM
A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted with in the web GUI.
CVE-2023-48986 1 Cusg 1 Content Management System 2025-03-20 N/A 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component.
CVE-2019-15870 1 Scriptsbundle 1 Carspot 2025-03-20 3.5 LOW 5.4 MEDIUM
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.
CVE-2025-26917 1 Hasthemes 1 Wp Templata 2025-03-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WP Templata allows Reflected XSS. This issue affects WP Templata: from n/a through 1.0.7.
CVE-2025-26772 1 Detheme 1 Dethemekit For Elementor 2025-03-20 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.8.
CVE-2024-54444 1 Elementor 1 Website Builder 2025-03-20 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder allows Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.25.10.
CVE-2024-56259 1 Ayecode 1 Geodirectory 2025-03-20 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AyeCode - WP Business Directory Plugins GeoDirectory allows Stored XSS. This issue affects GeoDirectory: from n/a through 2.3.84.
CVE-2025-22806 1 Modernaweb 1 Black Widgets For Elementor 2025-03-20 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows DOM-Based XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.8.
CVE-2025-0192 2025-03-20 N/A 5.4 MEDIUM
A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. The vulnerability is present in the edit HTML functionality, where an attacker can inject malicious scripts. When the modified HTML is shared with another user, the XSS payload executes, potentially leading to the theft of user prompt history and other sensitive information.
CVE-2024-12870 2025-03-20 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to upload HTML/XML files that can host arbitrary JavaScript payloads. These files are served with the 'application/xml' content type, which is automatically rendered by browsers. This can lead to the execution of arbitrary JavaScript in the context of the user's browser, potentially allowing attackers to steal cookies and gain unauthorized access to user files and resources. The vulnerability does not require authentication, making it accessible to anyone with network access to the instance.
CVE-2024-12374 2025-03-20 N/A 6.1 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser.
CVE-2024-11441 2025-03-20 N/A 6.1 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in Serge version 0.9.0. The vulnerability is due to improper neutralization of input during web page generation in the chat prompt. An attacker can exploit this vulnerability by sending a crafted message containing malicious HTML/JavaScript code, which will be stored and executed whenever the chat is accessed, leading to unintended content being shown to the user and potential phishing attacks.
CVE-2024-0640 2025-03-20 N/A 5.6 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard app. The issue is fixed in version 3.5.2.
CVE-2025-2108 2025-03-20 N/A 6.4 MEDIUM
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Site Title’ widget's 'title_tag' and 'html_tag' parameters in all versions up to, and including, 1.4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-42671 2025-03-19 N/A 6.1 MEDIUM
A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution, or other malicious activities.
CVE-2024-39457 1 Cybozu 1 Garoon 2025-03-19 N/A 5.4 MEDIUM
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
CVE-2023-51436 2025-03-19 N/A 5.9 MEDIUM
Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.8, which may allow a remote authenticated attacker with an administrative privilege to execute an arbitrary script on the web browser of the user who is using the product.
CVE-2023-5631 3 Debian, Fedoraproject, Roundcube 3 Debian Linux, Fedora, Webmail 2025-03-19 N/A 6.1 MEDIUM
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
CVE-2025-26775 1 Pluginus 1 Bear - Woocommerce Bulk Editor And Products Manager Professional 2025-03-19 N/A 5.9 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS. This issue affects BEAR: from n/a through 1.1.4.4.