Total: 34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-45176 | 1 C-mor | 1 C-mor | 2025-03-17 | N/A | 6.1 MEDIUM |
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation. | |||||
CVE-2024-43112 | 1 Mozilla | 1 Firefox | 2025-03-17 | N/A | 6.1 MEDIUM |
Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for iOS < 129. | |||||
CVE-2023-35859 | 1 Moderncampus | 1 Omni Cms | 2025-03-17 | N/A | 6.1 MEDIUM |
A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters. | |||||
CVE-2022-40348 | 1 Intern Record System Project | 1 Intern Record System | 2025-03-17 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code. | |||||
CVE-2023-26235 | 1 Jd-gui Project | 1 Jd-gui | 2025-03-17 | N/A | 6.1 MEDIUM |
JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. | |||||
CVE-2024-27183 | 1 Dj-extensions | 1 Dj-helpfularticles | 2025-03-17 | N/A | 6.1 MEDIUM |
XSS vulnerability in DJ-HelpfulArticles component for Joomla. | |||||
CVE-2025-28871 | 1 Jwpegram | 1 Block Spam By Math Reloaded | 2025-03-17 | N/A | 4.8 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jwpegram Block Spam By Math Reloaded allows Stored XSS. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. | |||||
CVE-2025-26918 | 1 Eniture | 1 Small Package Quotes | 2025-03-17 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Reflected XSS. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9. | |||||
CVE-2025-23526 | 1 Swiftcloud | 1 Swift Calendar Online Appointment Scheduling | 2025-03-17 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Swift Calendar Online Appointment Scheduling allows Reflected XSS. This issue affects Swift Calendar Online Appointment Scheduling: from n/a through 1.3.3. | |||||
CVE-2025-28879 | 1 Aumsrini | 1 Bee Layer Slider | 2025-03-17 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aumsrini Bee Layer Slider allows Stored XSS. This issue affects Bee Layer Slider: from n/a through 1.1. | |||||
CVE-2023-47786 | 1 Kreaturamedia | 1 Layerslider | 2025-03-17 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LayerSlider plugin <= 7.7.9 versions. | |||||
CVE-2022-1153 | 1 Kreaturamedia | 1 Layerslider | 2025-03-17 | 3.5 LOW | 4.8 MEDIUM |
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various places, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | |||||
CVE-2025-27102 | | | 2025-03-17 | N/A | N/A |
Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the email sent to administrative users. The Agate service account sends this email and appears trustworthy, making this a significant risk for phishing attacks. Administrative users are impacted, as they can be targeted by unauthenticated users. Version 3.3.0 fixes the issue. | |||||
CVE-2024-38454 | 1 Expressionengine | 1 Expressionengine | 2025-03-17 | N/A | 6.1 MEDIUM |
ExpressionEngine before 7.4.11 allows XSS. | |||||
CVE-2024-13578 | 1 Infinitescript | 1 Wp-bibtex | 2025-03-17 | N/A | 5.4 MEDIUM |
The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-2366 | | | 2025-03-17 | N/A | 2.4 LOW |
A vulnerability, which was classified as problematic, was found in gougucms 4.08.18. This affects the function add of the file /admin/department/add of the component Add Department Page. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-2364 | | | 2025-03-17 | N/A | 3.5 LOW |
A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function addNewArticle of the file blogserver/src/main/java/org/sang/service/ArticleService.java. The manipulation of the argument mdContent/htmlContent leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-2354 | | | 2025-03-17 | N/A | 4.3 MEDIUM |
A vulnerability has been found in VAM Virtual Airlines Manager 2.6.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vam/index.php. The manipulation of the argument registry_id/plane_icao/hub_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-2352 | | | 2025-03-16 | N/A | 2.4 LOW |
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-2340 | | | 2025-03-16 | N/A | 2.4 LOW |
A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. |