Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41375 | 1 Icecoder | 1 Icecoder | 2025-04-22 | N/A | 6.1 MEDIUM |
| ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php | |||||
| CVE-2024-41374 | 1 Icecoder | 1 Icecoder | 2025-04-22 | N/A | 6.1 MEDIUM |
| ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php | |||||
| CVE-2023-51325 | 1 Phpjabbers | 1 Shared Asset Booking System | 2025-04-22 | N/A | 5.4 MEDIUM |
| PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | |||||
| CVE-2023-51330 | 1 Phpjabbers | 1 Cinema Booking System | 2025-04-22 | N/A | 5.4 MEDIUM |
| PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. | |||||
| CVE-2025-25958 | 1 Phpcms | 1 Phpcms | 2025-04-22 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script. | |||||
| CVE-2025-25960 | 1 Phpcms | 1 Phpcms | 2025-04-22 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. | |||||
| CVE-2025-32176 | 2025-04-22 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator Gallery Blocks with Lightbox allows Stored XSS.This issue affects Gallery Blocks with Lightbox: from n/a through 3.2.5. | |||||
| CVE-2022-45028 | 1 Arris | 2 Nvg443b, Nvg443b Firmware | 2025-04-22 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha. | |||||
| CVE-2022-44575 | 1 Siemens | 1 Plm Help Server | 2025-04-22 | N/A | 6.1 MEDIUM |
| A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. | |||||
| CVE-2022-46350 | 1 Siemens | 10 6gk5204-0ba00-2kb2, 6gk5204-0ba00-2kb2 Firmware, 6gk5204-0ba00-2mb2 and 7 more | 2025-04-22 | N/A | 6.1 MEDIUM |
| A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device. | |||||
| CVE-2022-46073 | 1 Helmet Store Showroom Project | 1 Helmet Store Showroom | 2025-04-22 | N/A | 6.1 MEDIUM |
| Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2020-9419 | 1 Arcadyan | 2 Vrv9506jac23, Vrv9506jac23 Firmware | 2025-04-22 | N/A | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboard. | |||||
| CVE-2025-0448 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-0447 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
| Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-0443 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 8.8 HIGH |
| Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2020-36607 | 1 Feehi | 1 Feehicms | 2025-04-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | |||||
| CVE-2020-20589 | 1 Feehi | 1 Feehicms | 2025-04-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | |||||
| CVE-2021-39428 | 1 Eyoucms | 1 Eyoucms | 2025-04-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | |||||
| CVE-2021-39427 | 1 Vtimecn | 1 188jianzhan | 2025-04-21 | N/A | 5.4 MEDIUM |
| Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php. | |||||
| CVE-2021-36573 | 1 Feehi | 1 Feehicms | 2025-04-21 | N/A | 5.4 MEDIUM |
| File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload. | |||||