Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45037 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. | |||||
| CVE-2022-45036 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. | |||||
| CVE-2021-39343 | 1 Mpl-publisher | 1 Mpl-publisher | 2025-04-25 | 3.5 LOW | 5.5 MEDIUM |
| The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
| CVE-2024-25344 | 1 Itflow | 1 Itflow | 2025-04-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components. | |||||
| CVE-2022-42099 | 1 Klik Project | 1 Klik | 2025-04-25 | N/A | 5.4 MEDIUM |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. | |||||
| CVE-2022-37721 | 1 Pyrocms | 1 Pyrocms | 2025-04-25 | N/A | 9.0 CRITICAL |
| PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. | |||||
| CVE-2022-37720 | 1 Orchardcore | 1 Orchard Cms | 2025-04-25 | N/A | 9.0 CRITICAL |
| Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. | |||||
| CVE-2022-0698 | 1 Microweber | 1 Microweber | 2025-04-25 | N/A | 6.1 MEDIUM |
| Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. | |||||
| CVE-2022-42100 | 1 Klik Project | 1 Klik | 2025-04-25 | N/A | 5.4 MEDIUM |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. | |||||
| CVE-2025-2069 | 2025-04-25 | N/A | 5.0 MEDIUM | ||
| A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user. | |||||
| CVE-2024-56156 | 2025-04-25 | N/A | N/A | ||
| Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13. | |||||
| CVE-2022-44279 | 1 Garage Management System Project | 1 Garage Management System | 2025-04-25 | N/A | 6.1 MEDIUM |
| Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. | |||||
| CVE-2025-46618 | 2025-04-25 | N/A | 3.5 LOW | ||
| In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab | |||||
| CVE-2025-3643 | 2025-04-25 | N/A | 5.4 MEDIUM | ||
| A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk. | |||||
| CVE-2022-44355 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-04-25 | N/A | 6.1 MEDIUM |
| SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. | |||||
| CVE-2022-36433 | 1 Amasty | 1 Amasty Blog Pro | 2025-04-25 | N/A | 6.1 MEDIUM |
| The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save. | |||||
| CVE-2022-36137 | 1 Churchcrm | 1 Churchcrm | 2025-04-25 | N/A | 4.8 MEDIUM |
| ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader. | |||||
| CVE-2022-36136 | 1 Churchcrm | 1 Churchcrm | 2025-04-25 | N/A | 4.8 MEDIUM |
| ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment. | |||||
| CVE-2021-31740 | 1 Seppmail | 1 Seppmail | 2025-04-25 | N/A | 6.1 MEDIUM |
| SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS). | |||||
| CVE-2020-21219 | 1 Netgate | 2 Acme, Pfsense | 2025-04-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package. | |||||