Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46445 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown allows Stored XSS. This issue affects External Markdown: from n/a through 0.0.1. | |||||
| CVE-2025-46438 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners allows Stored XSS. This issue affects GTDB Guitar Tuners: from n/a through 4.2.2. | |||||
| CVE-2025-46261 | 2025-04-24 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0. | |||||
| CVE-2025-46260 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1. | |||||
| CVE-2025-46234 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Razib Control Listings allows Reflected XSS. This issue affects Control Listings: from n/a through 1.0.4.1. | |||||
| CVE-2025-39408 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress BruteGuard – Brute Force Login Protection allows Reflected XSS. This issue affects BruteGuard – Brute Force Login Protection: from n/a through 0.1.4. | |||||
| CVE-2025-39400 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a. | |||||
| CVE-2025-39397 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Anything Popup allows Reflected XSS. This issue affects Anything Popup: from n/a through 7.3. | |||||
| CVE-2025-39382 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1. | |||||
| CVE-2025-29568 | 2025-04-24 | N/A | 4.8 MEDIUM | ||
| A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS). | |||||
| CVE-2022-46391 | 3 Awstats, Debian, Fedoraproject | 3 Awstats, Debian Linux, Fedora | 2025-04-24 | N/A | 6.1 MEDIUM |
| AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | |||||
| CVE-2025-3821 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3822 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password/txtnew_password/txtold_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-55451 | 1 Ujcms | 1 Ujcms | 2025-04-24 | N/A | 4.8 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens. | |||||
| CVE-2024-21494 | 1 Greenpau | 1 Caddy-security | 2025-04-24 | N/A | 5.4 MEDIUM |
| All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. | |||||
| CVE-2022-44944 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | |||||
| CVE-2022-43097 | 1 User Registration \& User Management System Project | 1 User Registration \& User Management System | 2025-04-24 | N/A | 5.4 MEDIUM |
| Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages. | |||||
| CVE-2022-41830 | 1 Kyocera | 80 Ecosys M2535dn, Ecosys M2535dn Firmware, Ecosys M6526cdn and 77 more | 2025-04-24 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | |||||
| CVE-2023-51315 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-04-24 | N/A | 5.4 MEDIUM |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters. | |||||
| CVE-2023-44753 | 1 Mayurik | 1 Online Student Management System | 2025-04-24 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability fin Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page. | |||||