Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0371 | 1 Embedsocial | 1 Embedsocial | 2025-03-13 | 5.4 Medium |
| The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2022-4786 | 1 Video.js Project | 1 Video.js | 2025-03-13 | 5.4 Medium |
| The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2022-4752 | 1 Opening Hours Project | 1 Opening Hours | 2025-03-13 | 5.4 Medium |
| The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2025-23072 | 2025-03-13 | 5.4 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - RefreshSpecial Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | ||||
| CVE-2024-4424 | 2025-03-13 | 6.1 Medium | ||
| The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code will be executed in the user's browser space.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products. | ||||
| CVE-2024-41349 | 1 Cdevroe | 1 Unmark | 2025-03-13 | 6.1 Medium |
| unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php. | ||||
| CVE-2024-41333 | 1 Phpgurukul | 1 Tourism Management System | 2025-03-13 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter. | ||||
| CVE-2025-22219 | 2025-03-13 | 6.8 Medium | ||
| VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user. | ||||
| CVE-2024-4381 | 1 Wielebenwir | 1 Commonsbooking | 2025-03-13 | 4.8 Medium |
| The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-44819 | 1 Zzcms | 1 Zzcms | 2025-03-13 | 6.1 Medium |
| Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component. | ||||
| CVE-2024-35284 | 2025-03-13 | 5.4 Medium | ||
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. | ||||
| CVE-2024-33111 | 2025-03-13 | 5.4 Medium | ||
| D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. | ||||
| CVE-2024-32341 | 2025-03-13 | 5.4 Medium | ||
| Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters. | ||||
| CVE-2024-31847 | 1 Italtel | 1 Embrace | 2025-03-13 | 6.1 Medium |
| An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization. | ||||
| CVE-2024-29472 | 1 Zhyd | 1 Oneblog | 2025-03-13 | 5.4 Medium |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. | ||||
| CVE-2024-29318 | 1 Personal-management-system | 1 Personal Management System | 2025-03-13 | 5.4 Medium |
| Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of a SVG file with embedded javascript code. | ||||
| CVE-2024-28761 | 1 Ibm | 1 App Connect Enterprise | 2025-03-13 | 5.4 Medium |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245. | ||||
| CVE-2024-26489 | 1 Flusity | 1 Flusity | 2025-03-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field. | ||||
| CVE-2024-25218 | 1 Task Manager In Php With Source Code Project | 1 Task Manager In Php With Source Code | 2025-03-13 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php. | ||||
| CVE-2024-0756 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2025-03-13 | 5.4 Medium |
| The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. | ||||