Total
34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-48115 | 1 Jspreadsheet | 1 Jspreadsheet | 2025-03-18 | N/A | 6.1 MEDIUM |
The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS). | |||||
CVE-2024-41587 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-18 | N/A | 5.4 MEDIUM |
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. | |||||
CVE-2023-24769 | 1 Changedetection | 1 Changedetection | 2025-03-18 | N/A | 5.4 MEDIUM |
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function. | |||||
CVE-2023-24369 | 1 Ujcms | 1 Ujcms | 2025-03-18 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function. | |||||
CVE-2022-25978 | 1 Usememos | 1 Memos | 2025-03-18 | N/A | 6.1 MEDIUM |
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | |||||
CVE-2024-43304 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0. | |||||
CVE-2025-2491 | | | 2025-03-18 | N/A | 2.4 LOW |
A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-6123 | 1 Opentext | 1 Alm Octane | 2025-03-18 | N/A | 6.1 MEDIUM |
Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. | |||||
CVE-2022-38220 | 1 Quest | 1 Kace Systems Management Appliance | 2025-03-18 | N/A | 6.1 MEDIUM |
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | |||||
CVE-2024-40347 | 1 Hyland | 1 Alfresco Content Services | 2025-03-18 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid. | |||||
CVE-2024-37675 | 1 Tessi | 1 Docubase | 2025-03-18 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file. | |||||
CVE-2024-4970 | 1 Devnath Verma | 1 Widget Bundle | 2025-03-18 | N/A | 4.8 MEDIUM |
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-39248 | 1 Fikeulous | 1 Simpcms | 2025-03-18 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php. | |||||
CVE-2024-5529 | 1 Holoborodko | 1 Wp Quicklatex | 2025-03-18 | N/A | 4.8 MEDIUM |
The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-23786 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2025-03-18 | N/A | 9.3 CRITICAL |
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. | |||||
CVE-2025-2490 | | | 2025-03-18 | N/A | 2.4 LOW |
A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-45180 | 1 Squaredup | 1 Squaredup Ds For Scom | 2025-03-18 | N/A | 5.4 MEDIUM |
SquaredUp DS for SCOM 6.2.1.11104 allows XSS. | |||||
CVE-2024-13564 | 1 Apollo13 | 1 Rife Elementor Extensions & Templates | 2025-03-18 | N/A | 5.4 MEDIUM |
The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-2495 | | | 2025-03-18 | N/A | N/A |
Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the ‘/softdial/scheduler/load.php’ resource and can redirect the victim to malicious sites or steal their login information to spoof their identity. | |||||
CVE-2024-37624 | 1 Rockoa | 1 Xinhu | 2025-03-17 | N/A | 6.1 MEDIUM |
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php component. |