Total: 34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-3421 | 1 Wpeverest | 1 Everest Forms | 2025-04-23 | N/A | 6.1 MEDIUM |
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2017-18591 | 1 Dev4press | 1 Gd Rating System | 2025-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php. | |||||
CVE-2024-10680 | 1 10web | 1 Form Maker | 2025-04-23 | N/A | N/A |
The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2023-50175 | 1 Weseek | 1 Growi | 2025-04-23 | N/A | 5.4 MEDIUM |
Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | |||||
CVE-2022-44153 | 1 Rapidscada | 1 Rapid Scada | 2025-04-23 | N/A | 6.1 MEDIUM |
Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-46686 | 1 Jenkins | 1 Custom Build Properties | 2025-04-23 | N/A | 5.4 MEDIUM |
Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values. | |||||
CVE-2022-44361 | 1 Zzcms | 1 Zzcms | 2025-04-23 | N/A | 5.4 MEDIUM |
An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php. | |||||
CVE-2022-46684 | 1 Jenkins | 1 Checkmarx | 2025-04-23 | N/A | 5.4 MEDIUM |
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
CVE-2023-45740 | 1 Weseek | 1 Growi | 2025-04-23 | N/A | 5.4 MEDIUM |
Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | |||||
CVE-2022-46687 | 1 Jenkins | 1 Spring Config | 2025-04-23 | N/A | 5.4 MEDIUM |
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names. | |||||
CVE-2022-42486 | 1 Basercms | 1 Basercms | 2025-04-23 | N/A | 4.8 MEDIUM |
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
CVE-2022-25629 | 1 Symantec | 1 Messaging Gateway | 2025-04-23 | N/A | 5.4 MEDIUM |
An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). | |||||
CVE-2022-3838 | 1 Wpupper Share Buttons Project | 1 Wpupper Share Buttons | 2025-04-23 | N/A | 4.8 MEDIUM |
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-25630 | 1 Symantec | 1 Messaging Gateway | 2025-04-23 | N/A | 5.4 MEDIUM |
An authenticated user can embed malicious content with XSS into the admin group policy page. | |||||
CVE-2022-41994 | 1 Basercms | 1 Basercms | 2025-04-23 | N/A | 4.8 MEDIUM |
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
CVE-2025-3252 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | N/A | 6.1 MEDIUM |
A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3253 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | N/A | 6.1 MEDIUM |
A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-43668 | 1 Typora | 1 Typora | 2025-04-23 | N/A | 6.1 MEDIUM |
Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. | |||||
CVE-2022-45758 | 1 Sens Project | 1 Sens | 2025-04-23 | N/A | 5.4 MEDIUM |
SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister. | |||||
CVE-2022-44637 | 1 Redmine | 1 Redmine | 2025-04-23 | N/A | 6.1 MEDIUM |
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user. | |||||