Total
34410 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-2888 | 1 Boldgrid | 1 Post And Page Builder | 2025-03-19 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2. | ||||
CVE-2024-34811 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.5.1. | ||||
CVE-2024-33928 | 1 Codebard | 1 Codebard's Patron Button And Widgets For Patreon | 2025-03-19 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS. This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0. | ||||
CVE-2024-50656 | 1 Angeljudesuarez | 1 Placement Management System | 2025-03-19 | 6.1 Medium |
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. | ||||
CVE-2024-44684 | 1 Tpmecms | 1 Tpmecms | 2025-03-19 | 6.1 Medium |
TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields. | ||||
CVE-2024-44449 | 2025-03-19 | 6.1 Medium | ||
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page. | ||||
CVE-2024-41599 | 1 Ruoyi | 1 Ruoyi | 2025-03-19 | 6.1 Medium |
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method. | ||||
CVE-2024-3973 | 2025-03-19 | 4.8 Medium | ||
The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2024-39125 | 1 Roundup-tracker | 1 Roundup | 2025-03-19 | 5.4 Medium |
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. | ||||
CVE-2023-43971 | 1 Lizhipay | 1 Acg-faka | 2025-03-19 | 6.1 Medium |
Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php. | ||||
CVE-2022-45543 | 1 Discuz | 1 Discuzx | 2025-03-19 | 6.1 Medium |
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. | ||||
CVE-2024-53970 | 2025-03-19 | 5.4 Medium | ||
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
CVE-2024-53969 | 2025-03-19 | 5.4 Medium | ||
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link. | ||||
CVE-2025-22759 | 1 Boldgrid | 1 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor | 2025-03-19 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.4. | ||||
CVE-2025-22760 | 1 Codebard | 1 Codebard Help Desk | 2025-03-19 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk allows Reflected XSS. This issue affects CodeBard Help Desk: from n/a through 1.1.2. | ||||
CVE-2024-53968 | 2025-03-19 | 5.4 Medium | ||
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link. | ||||
CVE-2024-53967 | 2025-03-19 | 5.4 Medium | ||
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link. | ||||
CVE-2023-25764 | 1 Jenkins | 1 Email Extension | 2025-03-19 | 5.4 Medium |
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. | ||||
CVE-2023-25761 | 2 Jenkins, Redhat | 3 Junit, Ocp Tools, Openshift | 2025-03-19 | 5.4 Medium |
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. | ||||
CVE-2021-23980 | 2 Mozilla, Redhat | 2 Bleach, Ansible Automation Platform | 2025-03-19 | 6.1 Medium |
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |