Total: 37663 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-32592 | | | 2025-04-17 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Stored XSS. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.3. | |||||
CVE-2025-32504 | | | 2025-04-17 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5. | |||||
CVE-2023-52265 | 1 Idurarapp | 1 Idurar | 2025-04-17 | N/A | 5.4 MEDIUM |
IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. | |||||
CVE-2024-21908 | 1 Tiny | 1 Tinymce | 2025-04-17 | N/A | 6.1 MEDIUM |
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser. | |||||
CVE-2023-50630 | 1 Teamwork Management System Project | 1 Teamwork Management System | 2025-04-17 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function. | |||||
CVE-2020-14502 | 1 Rockwellautomation | 4 1734-aentr Point I/o Dual Port Network Adaptor Series B, 1734-aentr Point I/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I/o Dual Port Network Adaptor Series C and 1 more | 2025-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface. | |||||
CVE-2023-52045 | 1 Std42 | 1 Elfinder | 2025-04-17 | N/A | 6.1 MEDIUM |
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability. | |||||
CVE-2024-27524 | 1 Chamilo | 1 Chamilo Lms | 2025-04-17 | N/A | 7.1 HIGH |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. | |||||
CVE-2024-48239 | 1 Wtcms Project | 1 Wtcms | 2025-04-17 | N/A | 4.8 MEDIUM |
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS). | |||||
CVE-2024-48195 | 1 Eyoucms | 1 Eyoucms | 2025-04-17 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. | |||||
CVE-2023-42233 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | N/A | 6.1 MEDIUM |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function. | |||||
CVE-2023-42230 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | N/A | 6.1 MEDIUM |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function. | |||||
CVE-2023-42245 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php. | |||||
CVE-2023-42246 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php. | |||||
CVE-2023-42247 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php. | |||||
CVE-2023-42249 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php. | |||||
CVE-2023-42250 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.1 MEDIUM |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php. | |||||
CVE-2022-46870 | 1 Apache | 1 Zeppelin | 2025-04-17 | N/A | 5.4 MEDIUM |
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin. | |||||
CVE-2022-40434 | 1 Softr | 1 Softr | 2025-04-17 | N/A | 9.8 CRITICAL |
Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. | |||||
CVE-2022-27494 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. |