Total
37661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22664 | 1 Ays-pro | 1 Survey Maker | 2025-04-18 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 5.1.3.5. | |||||
| CVE-2025-24028 | 1 Joplin Project | 1 Joplin | 2025-04-18 | N/A | 7.8 HIGH |
| Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-25988 | 1 Hoosk | 1 Hoosk | 2025-04-18 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter. | |||||
| CVE-2025-25990 | 1 Hoosk | 1 Hoosk | 2025-04-18 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. | |||||
| CVE-2023-51296 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-04-18 | N/A | 6.1 MEDIUM |
| PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters which allows attackers to execute arbitrary code | |||||
| CVE-2024-50426 | 1 Ays-pro | 1 Survey Maker | 2025-04-18 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 5.0.2. | |||||
| CVE-2024-2593 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
| Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
| CVE-2023-5980 | 1 Bannersky | 1 Bsk Forms Blacklist | 2025-04-17 | N/A | 4.8 MEDIUM |
| The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-2598 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
| Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
| CVE-2024-2597 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
| Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
| CVE-2024-2596 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
| Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
| CVE-2024-2595 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
| Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
| CVE-2024-2594 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 7.1 HIGH |
| Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | |||||
| CVE-2025-3733 | 2025-04-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1. | |||||
| CVE-2025-22651 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader allows Reflected XSS. This issue affects Stylish Google Sheet Reader: from n/a through 4.0. | |||||
| CVE-2025-27293 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webparexapp Shipmozo Courier Tracking allows Reflected XSS. This issue affects Shipmozo Courier Tracking: from n/a through 1.0. | |||||
| CVE-2025-24655 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 1.0.39. | |||||
| CVE-2025-27288 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BjornW File Icons allows Reflected XSS. This issue affects File Icons: from n/a through 2.1. | |||||
| CVE-2025-24539 | 2025-04-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator allows Reflected XSS. This issue affects DeBounce Email Validator: from n/a through 5.6.5. | |||||
| CVE-2025-3760 | 2025-04-17 | N/A | N/A | ||
| A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page. | |||||