Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3987 | 1 Noorsplugin | 1 Responsive Lightbox2 | 2025-04-17 | N/A | 5.4 MEDIUM |
| The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-12045 | 1 Wpdeveloper | 1 Essential Blocks | 2025-04-17 | N/A | 4.8 MEDIUM |
| The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-56527 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-17 | N/A | N/A |
| An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | |||||
| CVE-2022-25929 | 1 Smoothiecharts | 1 Smoothie Charts | 2025-04-16 | N/A | 5.4 MEDIUM |
| The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties. | |||||
| CVE-2022-46096 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2025-04-16 | N/A | 6.1 MEDIUM |
| A Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 allows attackers to execute arbitrary code via the txtfullname parameter or txtphone parameter to register.php without logging in. | |||||
| CVE-2022-46095 | 1 Covid-19 Directory On Vaccination System Project | 1 Covid-19 Directory On Vaccination System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via verification.php because the program does not verify the txtvaccinationID parameter. | |||||
| CVE-2022-40841 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2025-04-16 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter. | |||||
| CVE-2022-44449 | 1 Zenphoto | 1 Zenphoto | 2025-04-16 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
| CVE-2025-24412 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24415 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24416 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24414 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24413 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24417 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-24410 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2021-43657 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2025-04-16 | N/A | 5.4 MEDIUM |
| A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields. | |||||
| CVE-2018-25080 | 1 Mobiledetect | 1 Mobiledetect | 2025-04-16 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. | |||||
| CVE-2020-15716 | 1 Rosariosis | 1 Rosariosis | 2025-04-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL. | |||||
| CVE-2020-15718 | 1 Rosariosis | 1 Rosariosis | 2025-04-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL. | |||||
| CVE-2024-41358 | 1 Phpipam | 1 Phpipam | 2025-04-16 | N/A | 6.1 MEDIUM |
| phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. | |||||