Total
34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-29782 | 1 Wegia | 1 Wegia | 2025-03-25 | N/A | 5.4 MEDIUM |
WeGIA is a Web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.2.17 contains a patch for the issue. | |||||
CVE-2025-2325 | 1 Boopathirajan | 1 Wp Test Email | 2025-03-25 | N/A | 6.1 MEDIUM |
The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-26318 | 1 Serenity | 1 Serenity | 2025-03-25 | N/A | 6.1 MEDIUM |
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character. | |||||
CVE-2024-3992 | 1 Joshua Vandercar | 1 Amen | 2025-03-25 | N/A | 4.8 MEDIUM |
The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-26279 | 1 Joomla | 1 Joomla! | 2025-03-25 | N/A | 6.1 MEDIUM |
The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | |||||
CVE-2024-4860 | 1 Rebelcode | 1 Rss Aggregator | 2025-03-25 | N/A | 6.1 MEDIUM |
The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter. | |||||
CVE-2024-41482 | 1 Typora | 1 Typora | 2025-03-25 | N/A | 6.1 MEDIUM |
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. | |||||
CVE-2024-46372 | 1 Dedecms | 1 Dedecms | 2025-03-25 | N/A | 6.1 MEDIUM |
DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. | |||||
CVE-2024-43024 | 1 Rws | 1 Multitrans | 2025-03-25 | N/A | 6.1 MEDIUM |
Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-7524 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-03-25 | N/A | 6.1 MEDIUM |
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | |||||
CVE-2024-7790 | 1 Stitionai | 1 Devika | 2025-03-25 | N/A | 5.4 MEDIUM |
A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. | |||||
CVE-2024-43025 | 1 Rws | 1 Multitrans | 2025-03-25 | N/A | 6.1 MEDIUM |
An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail. | |||||
CVE-2024-45836 | 1 Planex | 10 Cs-qr10, Cs-qr10 Firmware, Cs-qr20 and 7 more | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user. | |||||
CVE-2024-47048 | 1 Rocket.chat | 1 Rocket.chat | 2025-03-25 | N/A | 5.4 MEDIUM |
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. | |||||
CVE-2024-48706 | 1 O-dyn | 1 Collabtive | 2025-03-25 | N/A | 5.4 MEDIUM |
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. | |||||
CVE-2024-46934 | 1 Rocket.chat | 1 Rocket.chat | 2025-03-25 | N/A | 6.1 MEDIUM |
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload. | |||||
CVE-2024-21729 | 1 Joomla | 1 Joomla! | 2025-03-25 | N/A | 6.1 MEDIUM |
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | |||||
CVE-2024-28709 | 1 Limesurvey | 1 Limesurvey | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. | |||||
CVE-2024-34312 | 1 Moodle | 1 Virtual Programming Lab | 2025-03-25 | N/A | 6.1 MEDIUM |
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. | |||||
CVE-2024-28710 | 1 Limesurvey | 1 Limesurvey | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. |