Total
36305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33231 | 1 Easyvista | 1 Service Manager | 2025-05-08 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. | |||||
| CVE-2018-8032 | 3 Apache, Debian, Oracle | 38 Axis, Debian Linux, Agile Engineering Data Management and 35 more | 2025-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | |||||
| CVE-2016-5512 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521. | |||||
| CVE-2023-4479 | 1 M-files | 1 M-files | 2025-05-08 | N/A | 7.3 HIGH |
| Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. | |||||
| CVE-2024-1746 | 1 Radiustheme | 1 Testimonial Slider And Showcase | 2025-05-08 | N/A | 5.4 MEDIUM |
| The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-1660 | 1 Wpdarko | 1 Top Bar | 2025-05-08 | N/A | 4.8 MEDIUM |
| The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-2444 | 1 Data443 | 1 Inline Related Posts | 2025-05-08 | N/A | 4.8 MEDIUM |
| The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2024-3752 | 1 Crelly Slider Project | 1 Crelly Slider | 2025-05-08 | N/A | 5.4 MEDIUM |
| The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-0904 | 1 Radykal | 1 Fancy Product Designer | 2025-05-08 | N/A | 5.9 MEDIUM |
| The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-3692 | 1 Jegstudio | 1 Gutenverse | 2025-05-08 | N/A | 6.1 MEDIUM |
| The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-3637 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2025-05-08 | N/A | 6.1 MEDIUM |
| The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2025-29746 | 2025-05-08 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components | |||||
| CVE-2024-25225 | 1 Code-projects | 1 Simple Admin Panel | 2025-05-08 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | |||||
| CVE-2022-42200 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List. | |||||
| CVE-2022-41358 | 1 Garage Management System Project | 1 Garage Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. | |||||
| CVE-2022-42206 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. | |||||
| CVE-2022-42205 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. | |||||
| CVE-2025-47507 | 2025-05-08 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search allows DOM-Based XSS. This issue affects Better Search: from n/a through 4.1.0. | |||||
| CVE-2025-47495 | 2025-05-08 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blockspare Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.9. | |||||
| CVE-2025-47493 | 2025-05-08 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks allows DOM-Based XSS. This issue affects Ultimate Blocks: from n/a through 3.2.9. | |||||