Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10208 | 2025-03-25 | N/A | N/A | ||
| An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user’s browser session. | |||||
| CVE-2023-0624 | 1 Orangescrum | 1 Orangescrum | 2025-03-24 | N/A | 6.1 MEDIUM |
| OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | |||||
| CVE-2023-24322 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. | |||||
| CVE-2023-24690 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | N/A | 5.4 MEDIUM |
| ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. | |||||
| CVE-2023-24687 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | N/A | 5.4 MEDIUM |
| Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. | |||||
| CVE-2023-24686 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | N/A | 4.8 MEDIUM |
| An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. | |||||
| CVE-2025-1261 | 1 Hasthemes | 1 Ht Mega | 2025-03-24 | N/A | 5.4 MEDIUM |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability exists due to an incomplete fix for CVE-2024-3307. | |||||
| CVE-2025-1287 | 1 Posimyth | 1 The Plus Addons For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highlighter, and Page Scroll widgets in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-24233 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. | |||||
| CVE-2023-24232 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | |||||
| CVE-2022-44261 | 1 Averydennison | 2 Monarch Printer M9855, Monarch Printer M9855 Firmware | 2025-03-24 | N/A | 6.1 MEDIUM |
| Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-24230 | 1 Formwork Project | 1 Formwork | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. | |||||
| CVE-2023-24231 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. | |||||
| CVE-2022-45285 | 1 Vsourz | 1 Advanced Cf7 Db | 2025-03-24 | N/A | 6.1 MEDIUM |
| Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-24234 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. | |||||
| CVE-2025-1324 | 1 Plechevandrey | 1 Wp-recall | 2025-03-24 | N/A | 5.4 MEDIUM |
| The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including, 16.26.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-1783 | 1 Tiptoppress | 1 Gallery Styles | 2025-03-24 | N/A | 5.4 MEDIUM |
| The Gallery Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery Block in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-1526 | 1 Detheme | 1 Dethemekit For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-1517 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-03-24 | N/A | 5.4 MEDIUM |
| The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-1527 | 1 Hasthemes | 1 Shoplentor | 2025-03-24 | N/A | 5.4 MEDIUM |
| The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||