Total: 37663 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1059 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. | |||||
CVE-2021-42535 | 1 Visam | 1 Vbase Web-remote | 2025-04-17 | N/A | 5.3 MEDIUM |
VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. | |||||
CVE-2022-46287 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
CVE-2022-41993 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
CVE-2022-40743 | 1 Apache | 1 Traffic Server | 2025-04-17 | N/A | 6.1 MEDIUM |
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions. | |||||
CVE-2022-40435 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2025-04-17 | N/A | 4.8 MEDIUM |
Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module. | |||||
CVE-2022-3987 | 1 Noorsplugin | 1 Responsive Lightbox2 | 2025-04-17 | N/A | 5.4 MEDIUM |
The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-12045 | 1 Wpdeveloper | 1 Essential Blocks | 2025-04-17 | N/A | 4.4 MEDIUM |
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
CVE-2024-54687 | 1 Vtiger | 1 Vtiger Crm | 2025-04-17 | N/A | 6.1 MEDIUM |
Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. | |||||
CVE-2024-35498 | 1 Getgrav | 1 Grav | 2025-04-17 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-56410 | 1 Phpoffice | 1 Phpspreadsheet | 2025-04-17 | N/A | 5.4 MEDIUM |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | |||||
CVE-2024-56527 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-17 | N/A | 7.5 HIGH |
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | |||||
CVE-2024-10706 | 1 W3eden | 1 Download Manager | 2025-04-17 | N/A | 4.8 MEDIUM |
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-52676 | 1 Emiloimagtolis | 1 Online Discussion Forum | 2025-04-17 | N/A | 5.4 MEDIUM |
Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php. | |||||
CVE-2022-25929 | 1 Smoothiecharts | 1 Smoothie Charts | 2025-04-16 | N/A | 5.4 MEDIUM |
The package smoothie from 1.31.0 and before 1.36.1 is vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties. | |||||
CVE-2023-45552 | 1 Veridiumid | 1 Veridiumad | 2025-04-16 | N/A | 6.5 MEDIUM |
In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal. | |||||
CVE-2024-34224 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 7.3 HIGH |
Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters. | |||||
CVE-2024-29865 | 1 Logpoint | 1 Siem | 2025-04-16 | N/A | 5.4 MEDIUM |
Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. | |||||
CVE-2023-49983 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
CVE-2023-49986 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 4.7 MEDIUM |
A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. |