Total: 34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-28153 | 1 Jenkins | 1 Owasp Dependency-check | 2025-03-25 | N/A | 5.4 MEDIUM |
Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
CVE-2024-33536 | 1 Zimbra | 1 Collaboration | 2025-03-25 | N/A | 5.4 MEDIUM |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed. | |||||
CVE-2024-40785 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-03-25 | N/A | 6.1 MEDIUM |
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
CVE-2024-1434 | 1 Jordymeow | 1 Media Alt Renamer | 2025-03-25 | N/A | 4.8 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS. This issue affects Media Alt Renamer: from n/a through 0.0.1. | |||||
CVE-2023-48432 | 1 Zimbra | 1 Collaboration | 2025-03-25 | N/A | 6.1 MEDIUM |
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within an email message, e.g., if a victim clicks on that link within Zimbra webmail. | |||||
CVE-2024-45429 | 1 Wpengine | 1 Advanced Custom Fields | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's. | |||||
CVE-2022-45755 | 1 Eyoucms | 1 Eyoucms | 2025-03-25 | N/A | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. | |||||
CVE-2023-23026 | 1 Simple Sales Management System Project | 1 Simple Sales Management System | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. | |||||
CVE-2022-47415 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | N/A | 5.4 MEDIUM |
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). | |||||
CVE-2025-26742 | | | 2025-03-25 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS. This issue affects Gallery for Social Photo: from n/a through 1.0.0.35. | |||||
CVE-2022-47418 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | N/A | 5.4 MEDIUM |
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments. | |||||
CVE-2022-47412 | 1 Onlyoffice | 1 Workspace | 2025-03-25 | N/A | 5.4 MEDIUM |
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition. | |||||
CVE-2022-47417 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | N/A | 5.4 MEDIUM |
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name. | |||||
CVE-2023-23011 | 1 Invoiceplane | 1 Invoiceplane | 2025-03-25 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. | |||||
CVE-2022-47413 | 1 Openkm | 1 Openkm | 2025-03-25 | N/A | 5.4 MEDIUM |
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. | |||||
CVE-2024-47227 | 1 Iredmail | 1 Iredadmin | 2025-03-25 | N/A | 6.1 MEDIUM |
iRedAdmin before 2.6 allows XSS, e.g., via order_name. | |||||
CVE-2022-47414 | 1 Openkm | 1 Openkm | 2025-03-25 | N/A | 5.4 MEDIUM |
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. | |||||
CVE-2025-23199 | 1 Librenms | 1 Librenms | 2025-03-25 | N/A | 5.4 MEDIUM |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-23200 | 1 Librenms | 1 Librenms | 2025-03-25 | N/A | 5.4 MEDIUM |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-23201 | 1 Librenms | 1 Librenms | 2025-03-25 | N/A | 6.1 MEDIUM |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters: `/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |