Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26775 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2025-03-19 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS. This issue affects BEAR: from n/a through 1.1.4.4. | ||||
| CVE-2025-27704 | 2025-03-19 | N/A | ||
| There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none. | ||||
| CVE-2025-27705 | 2025-03-19 | N/A | ||
| There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none. | ||||
| CVE-2021-45422 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-03-19 | 6.1 Medium |
| Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required. | ||||
| CVE-2019-13029 | 1 Vanderbilt | 1 Redcap | 2025-03-19 | N/A |
| Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser. | ||||
| CVE-2018-6867 | 1 Alibaba Clone Script Project | 1 Alibaba Clone Script | 2025-03-19 | N/A |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. | ||||
| CVE-2025-0554 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 4.4 Medium |
| The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-56242 | 1 Tychesoftwares | 1 Arconix Shortcodes | 2025-03-19 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.14. | ||||
| CVE-2024-29915 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9. | ||||
| CVE-2024-25920 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4. | ||||
| CVE-2025-30196 | 2025-03-19 | 6.5 Medium | ||
| Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step. | ||||
| CVE-2025-25625 | 2025-03-19 | 5.4 Medium | ||
| A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d_118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on the device. Pages which then present the user name without encoding special characters will then cause the injected code to be parsed by the browsers of other users accessing the web interface. | ||||
| CVE-2025-0443 | 2025-03-19 | 8.8 High | ||
| Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-55060 | 2025-03-19 | 6.1 Medium | ||
| A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-28803 | 2025-03-19 | 6.1 Medium | ||
| Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter | ||||
| CVE-2024-22880 | 2025-03-19 | 4.7 Medium | ||
| Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component. | ||||
| CVE-2024-21686 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-03-19 | 8.7 High |
| This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions listed on this CVE See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Bug Bounty program. | ||||
| CVE-2023-25763 | 1 Jenkins | 1 Email Extension | 2025-03-19 | 5.4 Medium |
| Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. | ||||
| CVE-2023-25762 | 2 Jenkins, Redhat | 3 Pipeline\, Ocp Tools, Openshift | 2025-03-19 | 5.4 Medium |
| Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. | ||||
| CVE-2020-19825 | 1 Kimai | 1 Kimai | 2025-03-19 | 9.6 Critical |
| Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges. | ||||