Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29442 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-03 | N/A | 6.1 MEDIUM |
| Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | |||||
| CVE-2023-30177 | 1 Craftcms | 1 Craft Cms | 2025-02-03 | N/A | 6.1 MEDIUM |
| CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name. | |||||
| CVE-2023-30111 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2025-02-03 | N/A | 6.1 MEDIUM |
| Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-27979 | 1 Tooljet | 1 Tooljet | 2025-02-03 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. | |||||
| CVE-2023-30267 | 1 Cltphp | 1 Cltphp | 2025-02-03 | N/A | 6.1 MEDIUM |
| CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. | |||||
| CVE-2023-29836 | 1 Exelysis | 1 Exelysis Unified Communications Solution | 2025-02-03 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. | |||||
| CVE-2023-30106 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2025-02-03 | N/A | 6.1 MEDIUM |
| Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. | |||||
| CVE-2024-3997 | 1 Bdthemes | 1 Prime Slider | 2025-02-03 | N/A | 5.4 MEDIUM |
| The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-3718 | 1 Posimyth | 1 The Plus Addons For Elementor | 2025-02-03 | N/A | 5.4 MEDIUM |
| The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-4702 | 1 Kraftplugins | 1 Mega Elements | 2025-02-03 | N/A | 5.4 MEDIUM |
| The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-23522 | 1 Strategy11 | 1 Formidable Forms | 2025-02-03 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7. | |||||
| CVE-2024-37922 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-02-03 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.34. | |||||
| CVE-2024-41665 | 1 Ampache | 1 Ampache | 2025-02-03 | N/A | 5.4 MEDIUM |
| Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions can set the Name field to `<svg onload=alert(8)>`. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the `democratic.php` file. Version 6.6.0 contains a patch for the issue. | |||||
| CVE-2024-4866 | 1 Codeastrology | 1 Ultraaddons | 2025-02-03 | N/A | 5.4 MEDIUM |
| The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-24656 | 2025-02-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Provisioning allows Reflected XSS. This issue affects Realtyna Provisioning: from n/a through 1.2.2. | |||||
| CVE-2025-24660 | 2025-02-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership Custom Messages allows Reflected XSS. This issue affects Simple Membership Custom Messages: from n/a through 2.4. | |||||
| CVE-2025-23685 | 2025-02-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound RomanCart allows Reflected XSS. This issue affects RomanCart: from n/a through 0.0.2. | |||||
| CVE-2025-24631 | 2025-02-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PhiloPress BP Email Assign Templates allows Reflected XSS. This issue affects BP Email Assign Templates: from n/a through 1.5. | |||||
| CVE-2025-23590 | 2025-02-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Burtay Arat Dezdy allows Reflected XSS. This issue affects Dezdy: from n/a through 1.0. | |||||
| CVE-2025-23599 | 2025-02-03 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound eMarksheet allows Reflected XSS. This issue affects eMarksheet: from n/a through 5.0. | |||||