Total
37793 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-40333 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2 | |||||
CVE-2024-40336 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 6.1 MEDIUM |
idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.' | |||||
CVE-2024-30920 | 1 Derbynet | 1 Derbynet | 2025-04-15 | N/A | 7.4 HIGH |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. | |||||
CVE-2024-30921 | 1 Derbynet | 1 Derbynet | 2025-04-15 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. | |||||
CVE-2024-30925 | 1 Derbynet | 1 Derbynet | 2025-04-15 | N/A | 6.5 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. | |||||
CVE-2024-30926 | 1 Derbynet | 1 Derbynet | 2025-04-15 | N/A | 4.6 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. | |||||
CVE-2024-30927 | 1 Derbynet | 1 Derbynet | 2025-04-15 | N/A | 6.3 MEDIUM |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. | |||||
CVE-2024-30929 | 1 Derbynet | 1 Derbynet | 2025-04-15 | N/A | 8.0 HIGH |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php | |||||
CVE-2022-43271 | 1 Inhabit | 1 Move Crm | 2025-04-15 | N/A | 5.4 MEDIUM |
Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered to contain a cross-site scripting (XSS) vulnerability via the User profile component. | |||||
CVE-2024-2289 | 1 Ideabox | 1 Powerpack For Beaver Builder | 2025-04-15 | N/A | 6.4 MEDIUM |
The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-12239 | 1 Ideabox | 1 Powerpack For Beaver Builder | 2025-04-15 | N/A | 6.1 MEDIUM |
The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link. | |||||
CVE-2024-37409 | 1 Ideabox | 1 Powerpack For Beaver Builder | 2025-04-15 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Stored XSS. This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.4. | |||||
CVE-2022-0176 | 1 Ideabox | 1 Powerpack For Beaver Builder | 2025-04-15 | 4.3 MEDIUM | 6.1 MEDIUM |
The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-45411 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.1 MEDIUM |
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on `fetch()` and XMLHttpRequest; however some webservers have implemented non-standard headers such as `X-Http-Method-Override` that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
CVE-2022-45408 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.5 MEDIUM |
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
CVE-2022-40011 | 1 Typora | 1 Typora | 2025-04-15 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows remote attackers to run arbitrary code via export from editor. | |||||
CVE-2024-43330 | 1 Ideabox | 1 Powerpack For Beaver Builder | 2025-04-15 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack for Beaver Builder allows Reflected XSS. This issue affects PowerPack for Beaver Builder: from n/a before 2.37.4. | |||||
CVE-2024-7895 | 1 Fastlinemedia | 1 Beaver Builder | 2025-04-15 | N/A | 6.4 MEDIUM |
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-3036 | 1 Yzk2356911358 | 1 Studentservlet-jsp | 2025-04-15 | 3.3 LOW | 2.4 LOW |
A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | |||||
CVE-2025-3057 | 1 Drupal | 1 Drupal | 2025-04-15 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. |