Total: 34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-49943 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-06-02 | N/A | 5.4 MEDIUM |
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | |||||
CVE-2024-20270 | 1 Cisco | 2 Broadworks Application Delivery Platform, Broadworks Xtended Services Platform | 2025-06-02 | N/A | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
CVE-2023-6732 | 1 Supsystic | 1 Ultimate Maps | 2025-06-02 | N/A | 4.8 MEDIUM |
The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2024-0238 | 1 Myeventon | 1 Eventon | 2025-06-02 | N/A | 6.1 MEDIUM |
The EventON Premium WordPress plugin before 4.5.6 and the EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action and do not ensure that the post to be updated belongs to the plugin, allowing unauthenticated users to update arbitrary post metadata. | |||||
CVE-2023-0769 | 1 Hiweb | 1 Migration Simple | 2025-06-02 | N/A | 6.1 MEDIUM |
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | |||||
CVE-2024-21726 | 1 Joomla | 1 Joomla! | 2025-06-02 | N/A | N/A |
Inadequate content filtering leads to XSS vulnerabilities in various components. | |||||
CVE-2024-22569 | 1 Poscms | 1 Poscms | 2025-05-30 | N/A | 5.4 MEDIUM |
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. | |||||
CVE-2024-6487 | 1 Data443 | 1 Inline Related Posts | 2025-05-30 | N/A | N/A |
The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-6021 | 1 Bharatkambariya | 1 Donation Block For Paypal | 2025-05-30 | N/A | N/A |
The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability | |||||
CVE-2024-3113 | 1 Devsabbirahmed | 1 Simple Form | 2025-05-30 | N/A | N/A |
The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-34000 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | N/A |
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk. | |||||
CVE-2024-33998 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | N/A |
Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features. | |||||
CVE-2025-47933 | | | 2025-05-30 | N/A | N/A |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4. | |||||
CVE-2025-4944 | | | 2025-05-30 | N/A | 6.4 MEDIUM |
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-31223 | 1 Dradisframework | 1 Dradis | 2025-05-30 | N/A | 5.4 MEDIUM |
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. | |||||
CVE-2018-10208 | 1 Vaultize | 1 Enterprise File Sharing | 2025-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI. | |||||
CVE-2022-24967 | 1 Blackrainbow | 1 Nimbus | 2025-05-30 | 3.5 LOW | 5.4 MEDIUM |
Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). | |||||
CVE-2018-10213 | 1 Vaultize | 1 Enterprise File Sharing | 2025-05-30 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it. | |||||
CVE-2022-37028 | 1 Iris | 1 Isams | 2025-05-30 | N/A | 5.4 MEDIUM |
ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application. | |||||
CVE-2022-38481 | 1 Mega | 1 Hopex | 2025-05-30 | N/A | 6.1 MEDIUM |
An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features. |