Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31358 | 1 Proxmox | 1 Virtual Environment | 2025-04-22 | N/A | 9.0 CRITICAL |
| A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/. | |||||
| CVE-2022-42141 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2025-04-22 | N/A | 5.4 MEDIUM |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. | |||||
| CVE-2024-7068 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | N/A | 4.6 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272349 was assigned to this vulnerability. | |||||
| CVE-2024-7916 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the argument Nominee-Client ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8209 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
| A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-8208 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-43996 | 1 Csaf Provider Project | 1 Csaf Provider | 2025-04-22 | N/A | 5.4 MEDIUM |
| The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory. | |||||
| CVE-2022-46381 | 1 Niceforyou | 2 Linear Emerge E3 Access Control, Linear Emerge E3 Access Control Firmware | 2025-04-22 | N/A | 6.1 MEDIUM |
| Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. | |||||
| CVE-2022-44303 | 1 Resque-scheduler Project | 1 Resque-scheduler | 2025-04-22 | N/A | 6.1 MEDIUM |
| Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side. | |||||
| CVE-2022-46058 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | N/A | 4.8 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | |||||
| CVE-2021-33371 | 1 Kabir-m-alhasan | 1 Student Management System | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. | |||||
| CVE-2023-3144 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability. | |||||
| CVE-2022-31913 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 3.5 LOW | 4.8 MEDIUM |
| Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | |||||
| CVE-2023-3143 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012. | |||||
| CVE-2025-23175 | 2025-04-22 | N/A | N/A | ||
| Multiple XSS (CWE-79) | |||||
| CVE-2025-3814 | 2025-04-22 | N/A | 6.4 MEDIUM | ||
| The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-45028 | 1 Arris | 2 Nvg443b, Nvg443b Firmware | 2025-04-22 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha. | |||||
| CVE-2022-44575 | 1 Siemens | 1 Plm Help Server | 2025-04-22 | N/A | 6.1 MEDIUM |
| A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. | |||||
| CVE-2020-9419 | 1 Arcadyan | 2 Vrv9506jac23, Vrv9506jac23 Firmware | 2025-04-22 | N/A | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboard. | |||||
| CVE-2022-46350 | 1 Siemens | 10 6gk5204-0ba00-2kb2, 6gk5204-0ba00-2kb2 Firmware, 6gk5204-0ba00-2mb2 and 7 more | 2025-04-22 | N/A | 6.1 MEDIUM |
| A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device. | |||||