Vulnerabilities (CVE)

Filtered by CWE-79
Total 37646 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13029 1 Vanderbilt 1 Redcap 2025-03-19 3.5 LOW 4.8 MEDIUM
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
CVE-2018-6867 1 Alibaba Clone Script Project 1 Alibaba Clone Script 2025-03-19 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.
CVE-2025-0554 1 Podlove 1 Podlove Podcast Publisher 2025-03-19 N/A 4.4 MEDIUM
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2024-56242 1 Tychesoftwares 1 Arconix Shortcodes 2025-03-19 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.14.
CVE-2024-29915 1 Podlove 1 Podlove Podcast Publisher 2025-03-19 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.
CVE-2024-25920 1 Veronalabs 1 Wp Sms 2025-03-19 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.3.4.
CVE-2025-30196 2025-03-19 N/A 6.5 MEDIUM
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.
CVE-2025-2536 2025-03-19 N/A N/A
Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's layout-taglib/__liferay__/index.js allows remote attackers to inject arbitrary web script or HTML via toastData parameter.
CVE-2025-27704 2025-03-19 N/A N/A
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none.
CVE-2024-21686 1 Atlassian 2 Confluence Data Center, Confluence Server 2025-03-19 N/A 8.7 HIGH
This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser, which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions listed on this CVE. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Bug Bounty program.
CVE-2023-25763 1 Jenkins 1 Email Extension 2025-03-19 N/A 5.4 MEDIUM
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.
CVE-2023-25762 1 Jenkins 1 Pipeline\ 2025-03-19 N/A 5.4 MEDIUM
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
CVE-2020-19825 1 Kimai 1 Kimai 2025-03-19 N/A 9.6 CRITICAL
Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.
CVE-2024-2888 1 Boldgrid 1 Post And Page Builder 2025-03-19 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2.
CVE-2024-34811 1 Veronalabs 1 Wp Sms 2025-03-19 N/A 5.9 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.5.1.
CVE-2024-33928 1 Codebard 1 Codebard's Patron Button And Widgets For Patreon 2025-03-19 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS. This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0.
CVE-2024-50656 1 Angeljudesuarez 1 Placement Management System 2025-03-19 N/A 6.1 MEDIUM
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.
CVE-2024-44684 1 Tpmecms 1 Tpmecms 2025-03-19 N/A 6.1 MEDIUM
TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields.
CVE-2024-44449 2025-03-19 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page.
CVE-2024-41599 1 Ruoyi 1 Ruoyi 2025-03-19 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method.