Total
37647 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41233 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2023-43614 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2023-41962 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. | |||||
| CVE-2021-20734 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | |||||
| CVE-2023-5951 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 6.1 MEDIUM |
| The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-2775 | 1 Campcodes | 1 Online Marriage Registration System | 2025-02-20 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Campcodes Online Marriage Registration System 1.0. This issue affects some unknown processing of the file /user/user-profile.php. The manipulation of the argument lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257609 was assigned to this vulnerability. | |||||
| CVE-2024-2778 | 1 Campcodes | 1 Online Marriage Registration System | 2025-02-20 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257612. | |||||
| CVE-2024-2773 | 1 Campcodes | 1 Online Marriage Registration System | 2025-02-20 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257607. | |||||
| CVE-2024-4797 | 1 Campcodes | 1 Online Laundry Management System | 2025-02-20 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customer_name/username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263896. | |||||
| CVE-2024-28112 | 1 Peering-manager | 1 Peering Manager | 2025-02-20 | N/A | 6.1 MEDIUM |
| Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-2832 | 1 Campcodes | 1 Online Shopping System | 2025-02-20 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752. | |||||
| CVE-2024-13612 | 1 Wordplus | 1 Better Messages | 2025-02-20 | N/A | 6.4 MEDIUM |
| The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-24012 | 1 Umbraco | 1 Umbraco Cms | 2025-02-20 | N/A | 4.6 MEDIUM |
| Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch. | |||||
| CVE-2024-13570 | 1 Unalignedcode | 1 Stray Random Quotes | 2025-02-20 | N/A | 6.1 MEDIUM |
| The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13543 | 1 Amini7 | 1 Zarinpal Paid Download | 2025-02-20 | N/A | 6.1 MEDIUM |
| The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2023-51305 | 2025-02-20 | N/A | 5.4 MEDIUM | ||
| PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. | |||||
| CVE-2024-37360 | 2025-02-19 | N/A | 4.4 MEDIUM | ||
| Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79) Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.0 and 9.3.0.9, including 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface. Once the malicious script is injected, the attacker can perform a variety of malicious activities. The attacker could transfer private information, such as cookies that may include session information, from the victim's machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site. | |||||
| CVE-2023-47223 | 1 Wpmapplugins | 1 Basic Interactive World Map | 2025-02-19 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions. | |||||
| CVE-2023-46626 | 1 Flowfact | 1 Flowfact | 2025-02-19 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions. | |||||
| CVE-2023-27242 | 1 Razormist | 1 Loan Management System | 2025-02-19 | N/A | 5.4 MEDIUM |
| SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module. | |||||