Total: 34410 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-24369 | 1 Ujcms | 1 Ujcms | 2025-03-18 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function. | ||||
CVE-2022-48115 | 1 Jspreadsheet | 1 Jspreadsheet | 2025-03-18 | 6.1 Medium |
The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS). | ||||
CVE-2022-25978 | 1 Usememos | 1 Memos | 2025-03-18 | 5.4 Medium |
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | ||||
CVE-2025-26972 | | | 2025-03-18 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. | ||||
CVE-2023-0878 | 1 Nuxt | 1 Nuxt | 2025-03-18 | 6.1 Medium |
Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. | ||||
CVE-2023-0879 | 1 Btcpayserver | 1 Btcpay Server | 2025-03-18 | 6.3 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. | ||||
CVE-2024-43304 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0. | ||||
CVE-2025-2491 | | | 2025-03-18 | 2.4 Low |
A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-56312 | | | 2025-03-18 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | ||||
CVE-2024-4970 | 1 Devnath Verma | 1 Widget Bundle | 2025-03-18 | 6.1 Medium |
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
CVE-2024-40347 | 1 Hyland | 1 Alfresco Content Services | 2025-03-18 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid. | ||||
CVE-2024-39248 | 1 Fikeulous | 1 Simpcms | 2025-03-18 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php. | ||||
CVE-2024-37675 | 1 Tessi | 1 Docubase | 2025-03-18 | 5.4 Medium |
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file. | ||||
CVE-2023-6123 | 1 Opentext | 1 Alm Octane | 2025-03-18 | 7.5 High |
Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. | ||||
CVE-2022-38220 | 1 Quest | 1 Kace Systems Management Appliance | 2025-03-18 | 6.1 Medium |
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | ||||
CVE-2023-0840 | 1 Phpcrazy Project | 1 Phpcrazy | 2025-03-18 | 3.5 Low |
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability. | ||||
CVE-2024-34091 | 1 Archerirm | 1 Archer | 2025-03-18 | 7.3 High |
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release. | ||||
CVE-2025-29771 | | | 2025-03-18 | N/A |
HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the element's `innerHTML` to a sanitized string produced by the package, if the code is particularly crafted to abuse the code beautifier, which runs AFTER sanitization. The issue is patched in version 2.0.3. | ||||
CVE-2025-2490 | | | 2025-03-18 | 2.4 Low |
A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-5529 | 2 Holoborodko, Pavel Holoborodko | 2 Wp Quicklatex, Wp Quicklatex | 2025-03-18 | 4.8 Medium |
The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |