Total
36788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46082 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
| Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. | |||||
| CVE-2024-46083 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
| Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger actions for administrator users. | |||||
| CVE-2024-46079 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 6.1 MEDIUM |
| Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. | |||||
| CVE-2024-46081 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
| Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform. | |||||
| CVE-2024-35362 | 1 Shopex | 1 Ecshop | 2025-04-28 | N/A | 5.4 MEDIUM |
| Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php. | |||||
| CVE-2024-20487 | 1 Cisco | 1 Identity Services Engine | 2025-04-28 | N/A | 4.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. | |||||
| CVE-2024-56144 | 1 Librenms | 1 Librenms | 2025-04-28 | N/A | 4.6 MEDIUM |
| librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.11.0 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.12.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-23198 | 1 Librenms | 1 Librenms | 2025-04-28 | N/A | 4.6 MEDIUM |
| librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-44573 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | N/A | 4.7 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2024-40482 | 1 Lopalopa | 1 Live Membership System | 2025-04-28 | N/A | 9.8 CRITICAL |
| An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-25837 | 1 Octobercms | 1 October | 2025-04-28 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section. | |||||
| CVE-2023-52048 | 1 Ruoyi | 1 Ruoyi | 2025-04-28 | N/A | 4.7 MEDIUM |
| RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/. | |||||
| CVE-2022-42985 | 1 Scratch-wiki | 1 Scratch Login | 2025-04-25 | N/A | 4.8 MEDIUM |
| The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). | |||||
| CVE-2022-38147 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | |||||
| CVE-2022-38145 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. | |||||
| CVE-2022-37430 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | |||||
| CVE-2022-37429 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. | |||||
| CVE-2022-37421 | 1 Silverstripe | 1 Silverstripe | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/cms through 4.11.0 allows XSS. | |||||
| CVE-2023-49034 | 1 Projeqtor | 1 Projeqtor | 2025-04-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files. | |||||
| CVE-2023-46967 | 1 Enhancesoft | 1 Osticket | 2025-04-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket. | |||||