Total
34410 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-50053 | | | 2025-03-21 | 6.3 Medium |
Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. | ||||
CVE-2024-44683 | 1 Seacms | 1 Seacms | 2025-03-20 | 6.1 Medium |
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | ||||
CVE-2024-41937 | 1 Apache | 1 Airflow | 2025-03-20 | 6.1 Medium |
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link. Users should upgrade to 2.10.0 or later, which fixes this vulnerability. | ||||
CVE-2024-40599 | 1 Mediawiki | 1 Mediawiki | 2025-03-20 | 4.8 Medium |
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. | ||||
CVE-2024-38953 | 1 Phpok | 1 Phpok | 2025-03-20 | 6.1 Medium |
phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | ||||
CVE-2023-22376 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2025-03-20 | 6.1 Medium |
Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. | ||||
CVE-2022-4905 | 1 Udx | 1 Stateless Media Plugin | 2025-03-20 | 3.5 Low |
A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordPress. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The patch is identified as 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability. | ||||
CVE-2023-24522 | 1 Sap | 1 Netweaver Application Server Abap | 2025-03-20 | 6.1 Medium |
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application. | ||||
CVE-2023-24525 | 1 Sap | 2 Customer Relationship Management Webclient Ui, S4fnd | 2025-03-20 | 4.3 Medium |
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application. | ||||
CVE-2023-24529 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2025-03-20 | 6.1 Medium |
Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information. | ||||
CVE-2023-25614 | 1 Sap | 1 Netweaver Application Server Abap | 2025-03-20 | 6.1 Medium |
SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application. | ||||
CVE-2024-28070 | | | 2025-03-20 | 6.8 Medium |
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access. | ||||
CVE-2023-42307 | 1 Code-projects | 1 Exam Form Submission | 2025-03-20 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section. | ||||
CVE-2024-4400 | 1 Boldgrid | 1 Post And Page Builder | 2025-03-20 | 6.4 Medium |
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-34558 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2025-03-20 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS. This issue affects WOLF: from n/a through 1.0.8.2. | ||||
CVE-2024-34553 | 1 Select-themes | 1 Stockholm Core | 2025-03-20 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core allows Reflected XSS. This issue affects Stockholm Core: from n/a through 2.4.1. | ||||
CVE-2024-37629 | 1 Summernote | 1 Summernote | 2025-03-20 | 6.1 Medium |
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. | ||||
CVE-2024-28128 | 1 Cleancoder | 1 Fitnesse | 2025-03-20 | 6.1 Medium |
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter. | ||||
CVE-2022-4656 | 1 Plugins-market | 1 Wp Visitor Statistics | 2025-03-20 | 5.4 Medium |
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | ||||
CVE-2023-21434 | 1 Samsung | 1 Galaxy Store | 2025-03-20 | 6.2 Medium |
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. |