Total
36252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36965 | 1 Solarwinds | 1 Solarwinds Platform | 2025-05-20 | N/A | 6.1 MEDIUM |
| Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | |||||
| CVE-2025-27088 | 1 Oxyno-zeta | 1 S3-proxy | 2025-05-20 | N/A | 8.2 HIGH |
| oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted domain, posing a moderate risk to all users. It's possible to inject html elements, including scripts through the folder-list template. The affected template allows users to interact with the URL path provided by the `Request.URL.Path` variable, which is then rendered directly into the HTML without proper sanitization or escaping. This can be abused by attackers who craft a malicious URL containing injected HTML or JavaScript. When users visit such a URL, the malicious script will be executed in the user's context. This issue has been addressed in version 4.18.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-41206 | 1 Sap | 1 Businessobjects Business Intelligence | 2025-05-20 | N/A | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-42236 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-20 | N/A | 5.4 MEDIUM |
| A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. | |||||
| CVE-2022-41376 | 1 Metroui | 1 Metro Ui | 2025-05-20 | N/A | 6.1 MEDIUM |
| Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. | |||||
| CVE-2022-42235 | 1 Student Clearance System Project | 1 Student Clearance System | 2025-05-19 | N/A | 5.4 MEDIUM |
| A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. | |||||
| CVE-2024-4757 | 1 Wp-master | 1 Logo Manager For Enamad | 2025-05-19 | N/A | 8.1 HIGH |
| The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
| CVE-2024-4899 | 1 Seopress | 1 Seopress | 2025-05-19 | N/A | 5.0 MEDIUM |
| The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-5573 | 1 Magazine3 | 1 Easy Table Of Contents | 2025-05-19 | N/A | 5.9 MEDIUM |
| The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2024-5473 | 1 Zitscher | 1 Simple Photoswipe | 2025-05-19 | N/A | 4.0 MEDIUM |
| The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-3633 | 1 Rezakhan995 | 1 Webp \& Svg Support | 2025-05-19 | N/A | 5.4 MEDIUM |
| The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |||||
| CVE-2024-4759 | 1 Staude | 1 Mime Types Extended | 2025-05-19 | N/A | 5.5 MEDIUM |
| The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |||||
| CVE-2024-5730 | 1 Mahype | 1 Pagerank Tools | 2025-05-19 | N/A | 6.1 MEDIUM |
| The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-5729 | 1 Alexdtn | 1 Simple Al Slider | 2025-05-19 | N/A | 6.1 MEDIUM |
| The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-5728 | 1 Alexdtn | 1 Animated Al List | 2025-05-19 | N/A | 5.4 MEDIUM |
| The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-5727 | 1 Apidaze | 1 Widget4call | 2025-05-19 | N/A | 4.7 MEDIUM |
| The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2025-30316 | 1 Adobe | 1 Connect | 2025-05-19 | N/A | 5.4 MEDIUM |
| Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-30315 | 1 Adobe | 1 Connect | 2025-05-19 | N/A | 6.1 MEDIUM |
| Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-30314 | 1 Adobe | 1 Connect | 2025-05-19 | N/A | 6.1 MEDIUM |
| Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-43567 | 1 Adobe | 1 Connect | 2025-05-19 | N/A | 9.3 CRITICAL |
| Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||