Total: 37550 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-30618 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 6.1 MEDIUM |
A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'. | |||||
CVE-2024-27525 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 4.6 MEDIUM |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. | |||||
CVE-2024-3755 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2025-04-18 | N/A | 5.4 MEDIUM |
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-33859 | 1 Logpoint | 1 Siem | 2025-04-18 | N/A | 6.1 MEDIUM |
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS. | |||||
CVE-2025-26153 | | | 2025-04-18 | N/A | 5.4 MEDIUM |
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message. | |||||
CVE-2024-51142 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. | |||||
CVE-2024-13347 | 1 Smartdatasoft | 1 Essential Wp Real Estate | 2025-04-18 | N/A | 6.8 MEDIUM |
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | |||||
CVE-2025-22664 | 1 Ays-pro | 1 Survey Maker | 2025-04-18 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 5.1.3.5. | |||||
CVE-2025-24028 | 1 Joplin Project | 1 Joplin | 2025-04-18 | N/A | 7.8 HIGH |
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-25988 | 1 Hoosk | 1 Hoosk | 2025-04-18 | N/A | 4.8 MEDIUM |
Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter. | |||||
CVE-2025-25990 | 1 Hoosk | 1 Hoosk | 2025-04-18 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. | |||||
CVE-2023-51296 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-04-18 | N/A | 6.1 MEDIUM |
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters, which allows attackers to execute arbitrary code. | |||||
CVE-2024-50426 | 1 Ays-pro | 1 Survey Maker | 2025-04-18 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 5.0.2. | |||||
CVE-2024-2593 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
CVE-2023-5980 | 1 Bannersky | 1 Bsk Forms Blacklist | 2025-04-17 | N/A | 4.8 MEDIUM |
The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-2598 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
CVE-2024-2597 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
CVE-2024-2596 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
CVE-2024-2595 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
CVE-2024-2594 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. |