Total
37795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3036 | 1 Yzk2356911358 | 1 Studentservlet-jsp | 2025-04-15 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2025-3057 | 1 Drupal | 1 Drupal | 2025-04-15 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | |||||
| CVE-2022-46877 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2025-04-15 | N/A | 4.3 MEDIUM |
| By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. | |||||
| CVE-2022-44380 | 1 Snipeitapp | 1 Snipe-it | 2025-04-15 | N/A | 5.4 MEDIUM |
| Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. | |||||
| CVE-2022-44012 | 1 Simmeth | 1 Lieferantenmanager | 2025-04-15 | N/A | 5.4 MEDIUM |
| An issue was discovered in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be decrypted. | |||||
| CVE-2025-29389 | 1 Pbootcms | 1 Pbootcms | 2025-04-15 | N/A | 6.1 MEDIUM |
| PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2. | |||||
| CVE-2022-2846 | 1 Dwbooster | 1 Calendar Event Multi View | 2025-04-15 | N/A | 4.3 MEDIUM |
| The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it. | |||||
| CVE-2024-11447 | 2025-04-14 | N/A | 6.1 MEDIUM | ||
| The Community by PeepSo – Download from PeepSo.com plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filter’ parameter in all versions up to, and including, 7.0.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2022-29853 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | N/A | 5.4 MEDIUM |
| OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. | |||||
| CVE-2022-29852 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | N/A | 5.4 MEDIUM |
| OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. | |||||
| CVE-2021-30134 | 6 Ht Slider Range For Amazon Affiliates Project, Php Curl Class Project, Ptwooplugins and 3 more | 6 Ht Slider Range For Amazon Affiliates, Php Curl Class, Invoicing With Invoicexpress For Woocommerce and 3 more | 2025-04-14 | N/A | 6.1 MEDIUM |
| php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. | |||||
| CVE-2025-1665 | 1 Theme-fusion | 1 Avada Builder | 2025-04-14 | N/A | 6.4 MEDIUM |
| The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-12477 | 1 Theme-fusion | 1 Avada Builder | 2025-04-14 | N/A | 6.4 MEDIUM |
| The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-4336 | 1 Bt | 1 Baota | 2025-04-14 | N/A | 5.4 MEDIUM |
| In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature. | |||||
| CVE-2022-45892 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | N/A | 5.4 MEDIUM |
| In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username. | |||||
| CVE-2022-45890 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | N/A | 6.1 MEDIUM |
| In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter). | |||||
| CVE-2024-44676 | 1 Eladmin | 1 Eladmin | 2025-04-14 | N/A | 4.8 MEDIUM |
| eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java. | |||||
| CVE-2021-44855 | 1 Mediawiki | 1 Mediawiki | 2025-04-14 | N/A | 5.4 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature. | |||||
| CVE-2025-30292 | 1 Adobe | 1 Coldfusion | 2025-04-14 | N/A | 6.1 MEDIUM |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2022-37310 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | N/A | 6.1 MEDIUM |
| OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. | |||||