Total
34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-40478 | 1 Jayesh | 1 Online Exam System | 2025-03-13 | N/A | 5.4 MEDIUM |
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields | |||||
CVE-2025-2086 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-2087 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-2085 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-44717 | 1 Dedebiz | 1 Dedebiz | 2025-03-13 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-36599 | 1 Aegon | 1 Life Insurance Management System | 2025-03-13 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. | |||||
CVE-2024-42904 | 1 Syspass | 1 Syspass | 2025-03-13 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php. | |||||
CVE-2024-36450 | 1 Webmin | 1 Webmin | 2025-03-13 | N/A | 5.4 MEDIUM |
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted. | |||||
CVE-2024-21731 | 1 Joomla | 1 Joomla! | 2025-03-13 | N/A | 6.1 MEDIUM |
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | |||||
CVE-2024-5802 | 1 Mythemeshop | 1 Url Shortener | 2025-03-13 | N/A | 4.8 MEDIUM |
The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2024-3986 | 1 Themeboy | 1 Sportspress | 2025-03-13 | N/A | 4.8 MEDIUM |
The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-48937 | 1 Znuny | 1 Znuny | 2025-03-13 | N/A | 6.1 MEDIUM |
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed. | |||||
CVE-2024-44716 | 1 Dedebiz | 1 Dedebiz | 2025-03-13 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-24507 | 1 Act-on | 1 Act-on | 2025-03-13 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. | |||||
CVE-2024-37878 | 1 Twcms | 1 Twcms | 2025-03-13 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the "/TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes parameters input from external sources | |||||
CVE-2024-39126 | 1 Roundup-tracker | 1 Roundup | 2025-03-13 | N/A | 5.4 MEDIUM |
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | |||||
CVE-2024-5901 | 1 Siteorigin | 1 Siteorigin Widgets Bundle | 2025-03-13 | N/A | 5.4 MEDIUM |
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-47632 | 1 Detheme | 1 Dethemekit For Elementor | 2025-03-13 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.7. | |||||
CVE-2024-47360 | 1 Ba-booking | 1 Ba Book Everything | 2025-03-13 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS. This issue affects BA Book Everything: from n/a through 1.6.20. | |||||
CVE-2024-39203 | 1 Zblogcn | 1 Z-blogphp | 2025-03-13 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |