Total
35919 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40879 | 1 Keking | 1 Kkfileview | 2025-05-20 | N/A | 6.1 MEDIUM |
| kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.' | |||||
| CVE-2022-37461 | 1 Canon | 1 Medical Vitrea View | 2025-05-20 | N/A | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information. | |||||
| CVE-2022-35137 | 1 Dgiotcloud | 1 Dgiot | 2025-05-20 | N/A | 5.4 MEDIUM |
| DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2025-22388 | 1 Optimizely | 1 Optimizely Cms | 2025-05-20 | N/A | 5.7 MEDIUM |
| An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads. | |||||
| CVE-2024-10563 | 1 Prontotools | 1 Woo Cart Count Shortcode | 2025-05-20 | N/A | 5.4 MEDIUM |
| The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-12737 | 1 Wp-base | 1 Wp Base Booking Of Appointments\, Services And Events | 2025-05-20 | N/A | 6.1 MEDIUM |
| The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13629 | 1 Csimplifyit | 1 Pushbiz | 2025-05-20 | N/A | 6.1 MEDIUM |
| The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13630 | 1 Mahinsha | 1 Newsticker | 2025-05-20 | N/A | 6.1 MEDIUM |
| The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13631 | 1 Sanditsolution | 1 Om Stripe | 2025-05-20 | N/A | 7.1 HIGH |
| The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13632 | 1 Sprintexperts | 1 Wp Extra Fields | 2025-05-20 | N/A | 7.1 HIGH |
| The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13633 | 1 Fb-creations | 1 Simple Catalogue | 2025-05-20 | N/A | 7.1 HIGH |
| The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13634 | 1 Wphobby | 1 Post Sync | 2025-05-20 | N/A | 6.1 MEDIUM |
| The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13669 | 1 Margiov | 1 Calendapp | 2025-05-20 | N/A | 6.1 MEDIUM |
| The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13678 | 1 Rcabarreto1 | 1 R3w Instafeed | 2025-05-20 | N/A | 6.1 MEDIUM |
| The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-56408 | 1 Phpoffice | 1 Phpspreadsheet | 2025-05-20 | N/A | 5.4 MEDIUM |
| PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` file, which leads to the possibility of a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | |||||
| CVE-2022-40408 | 1 Feehi | 1 Feehicms | 2025-05-20 | N/A | 5.4 MEDIUM |
| FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. | |||||
| CVE-2022-40313 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-05-20 | N/A | 7.1 HIGH |
| Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | |||||
| CVE-2024-24904 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 7.6 HIGH |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2024-24906 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 7.6 HIGH |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2024-24905 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 7.6 HIGH |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||