Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40034 | 1 Javaweb Blog Project | 1 Javaweb Blog | 2025-04-03 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter. | |||||
| CVE-2023-23015 | 1 Kalkun Project | 1 Kalkun | 2025-04-03 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php. | |||||
| CVE-2020-24901 | 1 Krpano | 1 Krpano | 2025-04-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin[test].url. | |||||
| CVE-2007-4039 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 4.3 MEDIUM | N/A |
| Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | |||||
| CVE-2007-4040 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | 4.3 MEDIUM | N/A |
| Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | |||||
| CVE-2024-13074 | 1 Phpgurukul | 1 Land Record System | 2025-04-03 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-56237 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-03 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 24.0.3. | |||||
| CVE-2025-30858 | 2025-04-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm allows Reflected XSS. This issue affects Snow Storm: from n/a through 1.4.6. | |||||
| CVE-2025-31573 | 2025-04-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev CF7 Database allows Stored XSS. This issue affects PeproDev CF7 Database: from n/a through 2.0.0. | |||||
| CVE-2025-31468 | 2025-04-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP_Identicon allows Reflected XSS. This issue affects WP_Identicon: from n/a through 2.0. | |||||
| CVE-2008-1299 | 2 Manageengine, Microsoft | 2 Servicedesk Plus, Windows | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2025-31622 | 2025-04-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Utkarsh Kukreti Advanced Typekit allows Stored XSS. This issue affects Advanced Typekit: from n/a through 1.0.1. | |||||
| CVE-2025-31901 | 2025-04-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digihood Digihood HTML Sitemap allows Reflected XSS. This issue affects Digihood HTML Sitemap: from n/a through 3.1.1. | |||||
| CVE-2025-31442 | 2025-04-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Search engine keywords highlighter allows Reflected XSS. This issue affects Search engine keywords highlighter: from n/a through 0.1.3. | |||||
| CVE-2025-3157 | 2025-04-03 | N/A | 2.4 LOW | ||
| A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor was contacted early about this issue and explains that the latest version is not affected. | |||||
| CVE-2025-31900 | 2025-04-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lexicata Lexicata allows Reflected XSS. This issue affects Lexicata: from n/a through 1.0.16. | |||||
| CVE-2023-4250 | 1 Metagauss | 1 Eventprime | 2025-04-03 | N/A | 6.1 MEDIUM |
| The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2007-5954 | 1 Jlmforo System | 1 Jlmforo System | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2025-31899 | 2025-04-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpshopee Awesome Logos allows Reflected XSS. This issue affects Awesome Logos: from n/a through 1.2. | |||||
| CVE-2025-31467 | 2025-04-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flickr Photostream allows Reflected XSS. This issue affects Flickr Photostream: from n/a through 3.1.8. | |||||