Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44024 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. | |||||
| CVE-2025-2163 | 1 Zoorum | 1 Zoorum Comments | 2025-03-28 | N/A | 5.4 MEDIUM |
| The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-26284 | 1 Mozilla | 1 Firefox Focus | 2025-03-28 | N/A | 6.1 MEDIUM |
| Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123. | |||||
| CVE-2025-24746 | 1 Code-atlantic | 1 Popup Maker | 2025-03-28 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2. | |||||
| CVE-2024-27668 | 1 Flusity | 1 Flusity | 2025-03-28 | N/A | 6.1 MEDIUM |
| Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.' | |||||
| CVE-2022-44025 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6. | |||||
| CVE-2024-34089 | 1 Archerirm | 1 Archer | 2025-03-28 | N/A | 5.4 MEDIUM |
| An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release. | |||||
| CVE-2022-44029 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6. | |||||
| CVE-2024-25436 | 1 Sfu | 1 Open Journal Systems | 2025-03-28 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. | |||||
| CVE-2023-33528 | 1 Halo | 1 Halo | 2025-03-28 | N/A | 6.1 MEDIUM |
| halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2024-28401 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-03-28 | N/A | 5.4 MEDIUM |
| TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. | |||||
| CVE-2024-12599 | 1 Hasthemes | 1 Ht Mega | 2025-03-28 | N/A | 6.1 MEDIUM |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-1159 | 1 Campcodes | 1 School Management Software | 2025-03-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academic-calendar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-44027 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6. | |||||
| CVE-2022-44028 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6. | |||||
| CVE-2022-44026 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6. | |||||
| CVE-2025-27574 | 2025-03-28 | N/A | N/A | ||
| Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product. | |||||
| CVE-2025-31090 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alordiel Dropdown Multisite selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through n/a. | |||||
| CVE-2025-27567 | 2025-03-28 | N/A | N/A | ||
| Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product. | |||||
| CVE-2025-31434 | 2025-03-28 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Stored XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.19. | |||||