Total: 34410 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-27926 | 1 Zimbra | 1 Collaboration | 2025-03-13 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. | ||||
CVE-2025-2085 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | 3.5 Low |
A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-23081 | | | 2025-03-13 | 6.1 Medium |
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | ||||
CVE-2025-23057 | | | 2025-03-13 | 5.5 Medium |
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. | ||||
CVE-2025-23056 | | | 2025-03-13 | 5.5 Medium |
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. | ||||
CVE-2025-22775 | | | 2025-03-13 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in idIA Tech Catalog Importer, Scraper & Crawler allows Reflected XSS. This issue affects Catalog Importer, Scraper & Crawler: from n/a through 5.1.3. | ||||
CVE-2024-44717 | 1 Dedebiz | 1 Dedebiz | 2025-03-13 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-42904 | 1 Syspass | 1 Syspass | 2025-03-13 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php. | ||||
CVE-2024-36599 | 1 Aegon | 1 Life Insurance Management System | 2025-03-13 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. | ||||
CVE-2024-36450 | 1 Webmin | 1 Webmin | 2025-03-13 | 5.4 Medium |
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted. | ||||
CVE-2023-48082 | 1 Nagios | 1 Xi | 2025-03-13 | 9.1 Critical |
Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. | ||||
CVE-2025-23055 | | | 2025-03-13 | 5.5 Medium |
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. | ||||
CVE-2025-22221 | | | 2025-03-13 | 5.2 Medium |
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. | ||||
CVE-2024-5802 | 1 Mythemeshop | 1 Url Shortener | 2025-03-13 | 6.1 Medium |
The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
CVE-2024-56527 | | | 2025-03-13 | 7.5 High |
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | ||||
CVE-2024-48937 | 1 Znuny | 1 Znuny | 2025-03-13 | 6.1 Medium |
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed. | ||||
CVE-2024-44716 | 1 Dedebiz | 1 Dedebiz | 2025-03-13 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-43437 | | | 2025-03-13 | 5.4 Medium |
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files. | ||||
CVE-2024-3986 | 1 Themeboy | 1 Sportspress | 2025-03-13 | 4.8 Medium |
The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
CVE-2024-39126 | 1 Roundup-tracker | 1 Roundup | 2025-03-13 | 5.4 Medium |
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. |