Total
34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24195 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | |||||
CVE-2021-37378 | 1 Teradke | 4 Cube, Cube Firmware, Cube Pro and 1 more | 2025-03-26 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2021-37373 | 1 Teradek | 2 Slice, Slice Firmware | 2025-03-26 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2023-23636 | 1 Jellyfin | 1 Jellyfin | 2025-03-26 | N/A | 5.4 MEDIUM |
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | |||||
CVE-2023-24191 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. | |||||
CVE-2023-24194 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. | |||||
CVE-2023-24192 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. | |||||
CVE-2022-48140 | 1 Dedecms | 1 Dedecms | 2025-03-26 | N/A | 5.4 MEDIUM |
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | |||||
CVE-2023-23635 | 1 Jellyfin | 1 Jellyfin | 2025-03-26 | N/A | 5.4 MEDIUM |
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | |||||
CVE-2025-2623 | 1 Westboy | 1 Cicadascms | 2025-03-26 | N/A | 5.4 MEDIUM |
A vulnerability was found in westboy CicadasCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/cms/content/save. The manipulation of the argument title/content/laiyuan leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-1802 | 1 Hasthemes | 1 Ht Mega | 2025-03-26 | N/A | 5.4 MEDIUM |
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_title', 'notification_content', and 'stt_button_text' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.3. | |||||
CVE-2021-36712 | 1 Yzmcms | 1 Yzmcms | 2025-03-26 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. | |||||
CVE-2021-36545 | 1 Tpcms Project | 1 Tpcms | 2025-03-26 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. | |||||
CVE-2021-36538 | 1 Gurock | 1 Testrail | 2025-03-26 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. | |||||
CVE-2025-27406 | | | 2025-03-26 | N/A | N/A |
Icinga Reporting is the central component for reporting-related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows an attacker to set up a template that embeds arbitrary JavaScript. This enables the attacker to act on behalf of the user if the template is previewed, and to act on behalf of the headless browser if a report using the template is printed to PDF. This issue has been resolved in version 1.0.3 of Icinga Reporting. As a workaround, review all templates and remove suspicious settings. | |||||
CVE-2022-47131 | 1 Creativeitem | 1 Academy Lms | 2025-03-26 | N/A | 4.8 MEDIUM |
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | |||||
CVE-2025-28924 | | | 2025-03-26 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ZenphotoPress allows Reflected XSS. This issue affects ZenphotoPress: from n/a through 1.8. | |||||
CVE-2025-26747 | | | 2025-03-26 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS. This issue affects RainbowNews: from n/a through 1.0.7. | |||||
CVE-2025-23666 | | | 2025-03-26 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Management-screen-droptiles allows Reflected XSS. This issue affects Management-screen-droptiles: from n/a through 1.0. | |||||
CVE-2025-23680 | | | 2025-03-26 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Narnoo Operator allows Reflected XSS. This issue affects Narnoo Operator: from n/a through 2.0.0. |