Total
37663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25551 | 1 Oretnom23 | 1 Simple Student Attendance System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via crafted GET request to web application URL. | |||||
| CVE-2024-25434 | 1 Pkp.sfu | 1 Open Journal Systems | 2025-04-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter. | |||||
| CVE-2023-49985 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.5 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter. | |||||
| CVE-2023-49984 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2022-46096 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2025-04-16 | N/A | 6.1 MEDIUM |
| A Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 allows attackers to execute arbitrary code via the txtfullname parameter or txtphone parameter to register.php without logging in. | |||||
| CVE-2022-46095 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via verification.php because the program does not verify the txtvaccinationID parameter. | |||||
| CVE-2022-44449 | 1 Zenphoto | 1 Zenphoto | 2025-04-16 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
| CVE-2022-40841 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2025-04-16 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter. | |||||
| CVE-2025-24412 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24413 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24414 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24415 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24416 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24417 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24410 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2024-50807 | 2025-04-16 | N/A | 6.1 MEDIUM | ||
| Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions. | |||||
| CVE-2021-43657 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2025-04-16 | N/A | 5.4 MEDIUM |
| A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields. | |||||
| CVE-2023-49987 | 1 Oretnom23 | 1 School Fees Management System | 2025-04-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter. | |||||
| CVE-2024-28623 | 1 Ritecms | 1 Ritecms | 2025-04-16 | N/A | 6.1 MEDIUM |
| RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section. | |||||
| CVE-2022-22748 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 6.5 MEDIUM |
| Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||