Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4479 | 1 M-files | 1 M-files | 2025-05-08 | N/A | 5.4 MEDIUM |
| Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. | |||||
| CVE-2024-2444 | 1 Data443 | 1 Inline Related Posts | 2025-05-08 | N/A | N/A |
| The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2024-0904 | 1 Radykal | 1 Fancy Product Designer | 2025-05-08 | N/A | N/A |
| The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-3692 | 1 Jegstudio | 1 Gutenverse | 2025-05-08 | N/A | N/A |
| The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-3637 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2025-05-08 | N/A | N/A |
| The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-41358 | 1 Garage Management System Project | 1 Garage Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. | |||||
| CVE-2024-25225 | 1 Code-projects | 1 Simple Admin Panel | 2025-05-08 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | |||||
| CVE-2022-42200 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List. | |||||
| CVE-2022-42206 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. | |||||
| CVE-2022-42205 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-08 | N/A | 5.4 MEDIUM |
| PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. | |||||
| CVE-2023-7303 | 2025-05-07 | N/A | 3.5 LOW | ||
| A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.8 is able to address this issue. The patch is named 0ca85ca02f8aceb661e9b71fd229c45d388ea5b5. It is recommended to upgrade the affected component. | |||||
| CVE-2023-45206 | 1 Zimbra | 1 Collaboration | 2025-05-07 | N/A | 6.1 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.) | |||||
| CVE-2023-49489 | 1 Kodcloud | 1 Kodexplorer | 2025-05-07 | N/A | 6.1 MEDIUM |
| Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. | |||||
| CVE-2023-5005 | 1 Codesmade | 1 Autocomplete Location Field Contact Form 7 | 2025-05-07 | N/A | 4.8 MEDIUM |
| The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-46344 | 1 Solar-log | 2 2000 Pm\+, 2000 Pm\+ Firmware | 2025-05-07 | N/A | 5.4 MEDIUM |
| A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. NOTE: The vendor states that this vulnerability has been fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base. | |||||
| CVE-2022-35739 | 1 Paessler | 1 Prtg Network Monitor | 2025-05-07 | N/A | 5.3 MEDIUM |
| PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability. | |||||
| CVE-2022-38162 | 1 Withsecure | 1 F-secure Policy Manager | 2025-05-07 | N/A | 6.1 MEDIUM |
| Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input. | |||||
| CVE-2022-36783 | 1 Algosec | 1 Fireflow | 2025-05-07 | N/A | 5.4 MEDIUM |
| AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user. | |||||
| CVE-2024-13381 | 1 Codepeople | 1 Calculated Fields Form | 2025-05-07 | N/A | 4.8 MEDIUM |
| The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-0709 | 1 Dcatadmin | 1 Dcat Admin | 2025-05-07 | N/A | 4.8 MEDIUM |
| A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||