Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43635 | 1 Codexnotes | 1 Codex | 2025-06-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. | |||||
| CVE-2023-52330 | 1 Trendmicro | 1 Apex One | 2025-06-20 | N/A | 6.1 MEDIUM |
| A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2024-22549 | 1 Flycms Project | 1 Flycms | 2025-06-20 | N/A | 5.4 MEDIUM |
| FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | |||||
| CVE-2023-41176 | 1 Trendmicro | 1 Mobile Security | 2025-06-20 | N/A | 6.1 MEDIUM |
| Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | |||||
| CVE-2023-51946 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2025-06-20 | N/A | 6.1 MEDIUM |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2023-52326 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. | |||||
| CVE-2024-0606 | 1 Mozilla | 1 Firefox Focus | 2025-06-20 | N/A | 6.1 MEDIUM |
| An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. | |||||
| CVE-2023-48104 | 1 Alinto | 1 Sogo | 2025-06-20 | N/A | 6.1 MEDIUM |
| Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. | |||||
| CVE-2024-0233 | 1 Myeventon | 1 Eventon | 2025-06-20 | N/A | 6.1 MEDIUM |
| The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-7084 | 1 Davidjmiller | 1 Voting Record | 2025-06-20 | N/A | 5.4 MEDIUM |
| The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks | |||||
| CVE-2023-6005 | 1 Myeventon | 1 Eventon | 2025-06-20 | N/A | 4.8 MEDIUM |
| The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2023-51807 | 1 Ofcms Project | 1 Ofcms | 2025-06-20 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component. | |||||
| CVE-2024-22714 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-06-20 | N/A | 6.1 MEDIUM |
| Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content. | |||||
| CVE-2024-31914 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2025-06-20 | N/A | N/A |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-51472 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-06-20 | N/A | 3.1 LOW |
| IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | |||||
| CVE-2024-56056 | 1 Kmfoysal06 | 1 Simplecharm | 2025-06-20 | N/A | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.3. | |||||
| CVE-2025-22531 | 1 Mbilalm | 1 Urdu Formatter | 2025-06-20 | N/A | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M Bilal M Urdu Formatter – Shamil allows Stored XSS.This issue affects Urdu Formatter – Shamil: from n/a through 0.1. | |||||
| CVE-2024-23174 | 1 Mediawiki | 1 Mediawiki | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message. | |||||
| CVE-2023-4757 | 1 Miniorange | 1 Staff \/ Employee Business Directory For Active Directory | 2025-06-20 | N/A | 5.4 MEDIUM |
| The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin. | |||||
| CVE-2023-3372 | 1 Lana | 1 Lana Shortcodes | 2025-06-20 | N/A | 5.4 MEDIUM |
| The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||