Total
36740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30890 | 1 Ed01-cms Project | 1 Ed01-cms | 2025-04-30 | N/A | 4.7 MEDIUM |
| Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component. | |||||
| CVE-2024-31574 | 1 Twcms | 1 Twcms | 2025-04-30 | N/A | 5.0 MEDIUM |
| Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script | |||||
| CVE-2024-37764 | 1 Machform | 1 Machform | 2025-04-30 | N/A | 5.4 MEDIUM |
| MachForm up to version 19 is affected by an authenticated stored cross-site scripting. | |||||
| CVE-2024-37763 | 1 Machform | 1 Machform | 2025-04-30 | N/A | 5.4 MEDIUM |
| MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results. | |||||
| CVE-2025-46228 | 1 Avecnous | 1 Event Post | 2025-04-30 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11. | |||||
| CVE-2025-46229 | 1 Textmetrics | 1 Textmetrics | 2025-04-30 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Israpil Textmetrics allows Stored XSS. This issue affects Textmetrics: from n/a through 3.6.2. | |||||
| CVE-2025-46233 | 1 Sirv | 1 Sirv | 2025-04-30 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. This issue affects Sirv: from n/a through 7.5.3. | |||||
| CVE-2024-52944 | 1 Veritas | 1 Enterprise Vault | 2025-04-30 | N/A | 5.4 MEDIUM |
| An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | |||||
| CVE-2024-52943 | 1 Veritas | 1 Enterprise Vault | 2025-04-30 | N/A | 5.4 MEDIUM |
| An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | |||||
| CVE-2024-52942 | 1 Veritas | 1 Enterprise Vault | 2025-04-30 | N/A | 5.4 MEDIUM |
| An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | |||||
| CVE-2025-46235 | 1 Sktthemes | 1 Skt Blocks | 2025-04-30 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 2.0. | |||||
| CVE-2025-46236 | 1 Ibericode | 1 Html Forms | 2025-04-30 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2. | |||||
| CVE-2022-45401 | 1 Jenkins | 1 Associated Files | 2025-04-30 | N/A | 5.4 MEDIUM |
| Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-44073 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. | |||||
| CVE-2022-44071 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. | |||||
| CVE-2022-44070 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. | |||||
| CVE-2022-44069 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. | |||||
| CVE-2022-44002 | 1 Backclick | 1 Backclick | 2025-04-30 | N/A | 6.1 MEDIUM |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations. | |||||
| CVE-2022-43692 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | N/A | 6.1 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
| CVE-2022-43342 | 1 Eramba | 1 Eramba | 2025-04-30 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. | |||||