Total: 37699 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-20521 | 1 Kitesky | 1 Kitecms | 2025-02-14 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. | |||||
CVE-2020-19699 | 1 Kiftd Project | 1 Kiftd | 2025-02-14 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page. | |||||
CVE-2020-19698 | 1 Ipandao | 1 Editor.md | 2025-02-14 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter. | |||||
CVE-2024-2127 | 1 Pagelayer | 1 Pagelayer | 2025-02-14 | N/A | 6.4 MEDIUM |
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-56463 | | | 2025-02-14 | N/A | 4.8 MEDIUM |
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2023-27089 | 1 Ehuacui-bbs Project | 1 Ehuacui-bbs | 2025-02-14 | N/A | 8.2 HIGH |
Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter. | |||||
CVE-2020-20522 | 1 Kitesky | 1 Kitecms | 2025-02-14 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. | |||||
CVE-2024-2518 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-02-14 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This issue affects some unknown processing of the file book_history.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256955. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-2519 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-02-14 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as problematic. Affected is an unknown function of the file navbar.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256956. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-2521 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-02-14 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/bookdate.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-2523 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-02-14 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability classified as problematic was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This vulnerability affects unknown code of the file /admin/booktime.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-26791 | | | 2025-02-14 | N/A | 4.5 MEDIUM |
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). | |||||
CVE-2024-54951 | | | 2025-02-14 | N/A | 5.4 MEDIUM |
Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS. | |||||
CVE-2024-27965 | 1 Getwpfunnels | 1 Wpfunnels | 2025-02-14 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels Team WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.0.6. | |||||
CVE-2024-27963 | 1 Crisp | 1 Crisp | 2025-02-14 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS. This issue affects Crisp: from n/a through 0.44. | |||||
CVE-2024-27962 | 1 Fkrauthan | 1 Wp-mpdf | 2025-02-14 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS. This issue affects wp-mpdf: from n/a through 3.7.1. | |||||
CVE-2023-41165 | 1 Stormshield | 1 Stormshield Network Security | 2025-02-14 | N/A | 4.8 MEDIUM |
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft. | |||||
CVE-2024-21798 | 1 Elecom | 20 Wmc-x1800gst-b, Wmc-x1800gst-b Firmware, Wrc-1167gs2-b and 17 more | 2025-02-14 | N/A | 4.8 MEDIUM |
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". | |||||
CVE-2024-27285 | 3 Debian, Fedoraproject, Yardoc | 3 Debian Linux, Fedora, Yard | 2025-02-14 | N/A | 5.4 MEDIUM |
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36. | |||||
CVE-2025-1239 | | | 2025-02-14 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11. | |||||