Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32507 | 2025-04-17 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aakif Kadiwala Event Espresso – Custom Email Template Shortcode allows Reflected XSS. This issue affects Event Espresso – Custom Email Template Shortcode: from n/a through 1.0.0. | |||||
| CVE-2025-27322 | 2025-04-17 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bappa Mal QR Code for WooCommerce allows Reflected XSS. This issue affects QR Code for WooCommerce: from n/a through 1.2.0. | |||||
| CVE-2025-39420 | 2025-04-17 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ruudkok WP Twitter Button allows Stored XSS. This issue affects WP Twitter Button: from n/a through 1.4.1. | |||||
| CVE-2025-32504 | 2025-04-17 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5. | |||||
| CVE-2025-32532 | 2025-04-17 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pei Yong Goh UXsniff allows Reflected XSS. This issue affects UXsniff: from n/a through 1.2.4. | |||||
| CVE-2025-22636 | 2025-04-17 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz Gálvez VR-Frases allows Reflected XSS. This issue affects VR-Frases: from n/a through 3.0.1. | |||||
| CVE-2025-24752 | 2025-04-17 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Reflected XSS. This issue affects Essential Addons for Elementor: from n/a through 6.0.14. | |||||
| CVE-2025-32638 | 2025-04-17 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile ShopApper allows Stored XSS. This issue affects ShopApper: from n/a through 0.4.39. | |||||
| CVE-2025-32608 | 2025-04-17 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Movylo Movylo Marketing Automation allows Reflected XSS. This issue affects Movylo Marketing Automation: from n/a through 2.0.7. | |||||
| CVE-2023-52265 | 1 Idurarapp | 1 Idurar | 2025-04-17 | N/A | 5.4 MEDIUM |
| IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. | |||||
| CVE-2023-50630 | 1 Teamwork Management System Project | 1 Teamwork Management System | 2025-04-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function. | |||||
| CVE-2024-21908 | 1 Tiny | 1 Tinymce | 2025-04-17 | N/A | 6.1 MEDIUM |
| TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser. | |||||
| CVE-2020-14502 | 1 Rockwellautomation | 4 1734-aentr Point I\/o Dual Port Network Adaptor Series B, 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I\/o Dual Port Network Adaptor Series C and 1 more | 2025-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface. | |||||
| CVE-2022-27494 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 5.4 MEDIUM |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | |||||
| CVE-2022-40434 | 1 Softr | 1 Softr | 2025-04-17 | N/A | 9.8 CRITICAL |
| Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. | |||||
| CVE-2021-42535 | 1 Visam | 1 Vbase Web-remote | 2025-04-17 | N/A | 6.1 MEDIUM |
| VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. | |||||
| CVE-2022-1059 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 6.1 MEDIUM |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | |||||
| CVE-2022-41993 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2022-40435 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2025-04-17 | N/A | 4.8 MEDIUM |
| Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module. | |||||
| CVE-2022-46287 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||