Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5475 | 1 Lepileppanen | 1 Responsive Video Embed | 2025-06-17 | N/A | N/A |
| The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-4749 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-06-17 | N/A | N/A |
| The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-40361 | 1 Elitecms | 1 Elite Cms | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. | |||||
| CVE-2023-40262 | 1 Unify | 1 Openscape Voice Trace Manager V8 | 2025-06-17 | N/A | 6.1 MEDIUM |
| An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request. | |||||
| CVE-2023-40355 | 1 Axigen | 1 Axigen Mobile Webmail | 2025-06-17 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. | |||||
| CVE-2023-52068 | 1 Kodcloud | 1 Kodbox | 2025-06-17 | N/A | 6.1 MEDIUM |
| kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs. | |||||
| CVE-2023-48974 | 1 Axigen | 1 Axigen Mail Server | 2025-06-17 | N/A | 9.6 CRITICAL |
| Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | |||||
| CVE-2023-49101 | 1 Axigen | 1 Axigen Mobile Webmail | 2025-06-17 | N/A | 6.1 MEDIUM |
| WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | |||||
| CVE-2023-49950 | 1 Logpoint | 1 Siem | 2025-06-17 | N/A | 5.4 MEDIUM |
| The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | |||||
| CVE-2023-50092 | 1 Apiida | 1 Api Gateway Manager | 2025-06-17 | N/A | 6.1 MEDIUM |
| APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-41619 | 1 Emlog | 1 Emlog | 2025-06-17 | N/A | 6.1 MEDIUM |
| Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. | |||||
| CVE-2023-52329 | 1 Trendmicro | 1 Apex Central | 2025-06-17 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. | |||||
| CVE-2023-52274 | 1 Yzmcms | 1 Yzmcms | 2025-06-17 | N/A | 6.1 MEDIUM |
| member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. | |||||
| CVE-2023-6161 | 1 Themeum | 1 Wp Crowdfunding | 2025-06-17 | N/A | 6.1 MEDIUM |
| The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-36236 | 1 Webkul | 1 Bagisto | 2025-06-17 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad. | |||||
| CVE-2023-25295 | 1 Gruen | 1 Evewa3 | 2025-06-17 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel. | |||||
| CVE-2024-24115 | 1 Cotonti | 1 Siena | 2025-06-17 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2023-51790 | 1 Piwigo | 1 Piwigo | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. | |||||
| CVE-2025-5011 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | N/A | 4.7 MEDIUM |
| A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5010 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | N/A | 4.7 MEDIUM |
| A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||