Total
37750 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4595 | 1 Caseproof | 1 Prettylinks | 2025-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pretty-Link WordPress plugin 1.5.2 has XSS | |||||
| CVE-2024-5933 | 1 Lollms | 1 Lollms Web Ui | 2025-02-13 | N/A | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser. | |||||
| CVE-2025-26574 | 2025-02-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moch Amir Google Drive WP Media allows Stored XSS. This issue affects Google Drive WP Media: from n/a through 2.4.4. | |||||
| CVE-2025-26567 | 2025-02-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farjana55 Font Awesome WP allows DOM-Based XSS. This issue affects Font Awesome WP: from n/a through 1.0. | |||||
| CVE-2025-26561 | 2025-02-13 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elfsight Elfsight Yottie Lite allows Stored XSS. This issue affects Elfsight Yottie Lite: from n/a through 1.3.3. | |||||
| CVE-2025-26558 | 2025-02-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mkkmail Aparat Responsive allows DOM-Based XSS. This issue affects Aparat Responsive: from n/a through 1.3. | |||||
| CVE-2025-26552 | 2025-02-13 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in badrHan Naver Syndication V2 allows Stored XSS. This issue affects Naver Syndication V2: from n/a through 0.8.3. | |||||
| CVE-2025-26551 | 2025-02-13 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Bootstrap collapse allows Stored XSS. This issue affects Bootstrap collapse: from n/a through 1.0.4. | |||||
| CVE-2025-26539 | 2025-02-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map allows Stored XSS. This issue affects Embed Google Map: from n/a through 3.2. | |||||
| CVE-2025-26538 | 2025-02-13 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Prezi Embedder allows Stored XSS. This issue affects Prezi Embedder: from n/a through 2.1. | |||||
| CVE-2025-1271 | 2025-02-13 | N/A | 6.1 MEDIUM | ||
| Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theft or the execution of unauthorised actions on behalf of the affected user. | |||||
| CVE-2024-55488 | 2025-02-12 | N/A | 6.5 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed access to the CMS. There was a deliberate decision made not to apply HTML sanitization at the product level. | |||||
| CVE-2020-29444 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters. | |||||
| CVE-2024-49793 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-49792 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-49791 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 6.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-1213 | 2025-02-12 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in pihome-shc PiHome 1.77. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-37462 | 1 Upstreamworks | 1 Upstream Works On Finesse | 2025-02-12 | N/A | 5.4 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details. | |||||
| CVE-2024-35218 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | N/A | 4.2 MEDIUM |
| Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer. | |||||
| CVE-2023-2826 | 1 Class Scheduling System Project | 1 Class Scheduling System | 2025-02-12 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612. | |||||