Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47701 | 1 Comfast Project | 2 Cf-wr623n, Cf-wr623n Firmware | 2025-03-27 | N/A | 6.1 MEDIUM |
| COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-7115 | 1 Pagelayer | 1 Pagelayer | 2025-03-27 | N/A | 4.8 MEDIUM |
| The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-23078 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | |||||
| CVE-2024-37680 | 1 Finesoft Project | 1 Finesoft | 2025-03-27 | N/A | 6.1 MEDIUM |
| Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl. | |||||
| CVE-2024-3548 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-03-27 | N/A | 6.1 MEDIUM |
| The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-23077 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | |||||
| CVE-2023-23073 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | |||||
| CVE-2024-25292 | 1 Martinbarker | 1 Rendertune | 2025-03-27 | N/A | 9.6 CRITICAL |
| Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter. | |||||
| CVE-2022-44897 | 1 Apollotheme | 1 Ap Pagebuilder | 2025-03-27 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter. | |||||
| CVE-2024-27278 | 1 Openpne | 1 Optimelineplugin | 2025-03-27 | N/A | 5.4 MEDIUM |
| OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users. | |||||
| CVE-2023-23075 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | |||||
| CVE-2022-4898 | 1 Octopus | 1 Octopus Server | 2025-03-27 | N/A | 5.4 MEDIUM |
| In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS | |||||
| CVE-2023-23074 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | |||||
| CVE-2024-22855 | 1 Itssglobal | 1 Imlog | 2025-03-27 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. | |||||
| CVE-2023-39612 | 1 Filebrowser | 1 Filebrowser | 2025-03-27 | N/A | 9.0 CRITICAL |
| A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL. | |||||
| CVE-2025-30345 | 1 Openslides | 1 Openslides | 2025-03-27 | N/A | 4.1 MEDIUM |
| An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when deleting chats or deleting messages in these chats. This potentially allows attackers to interfere with the layout of the rendered website, but it is unlikely that victims would click on deleted chats or deleted messages. | |||||
| CVE-2025-30342 | 1 Openslides | 1 Openslides | 2025-03-27 | N/A | 6.1 MEDIUM |
| An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly encoded when reflected; however, adding attributes to links is possible, which allows the injection of JavaScript via the onmouseover attribute and others. When a user moves the mouse over such a prepared link, JavaScript is executed in that user's session. | |||||
| CVE-2024-50053 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcentre Plus | 2025-03-27 | N/A | 5.4 MEDIUM |
| Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. | |||||
| CVE-2025-30847 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashley Novelist allows Stored XSS. This issue affects Novelist: from n/a through 1.2.3. | |||||
| CVE-2025-30776 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.8. | |||||