Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23524 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ClickBank Storefront allows Reflected XSS. This issue affects ClickBank Storefront: from n/a through 1.7. | ||||
| CVE-2025-23536 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Track Page Scroll allows Reflected XSS. This issue affects Track Page Scroll: from n/a through 1.0.2. | ||||
| CVE-2025-23538 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Contest allows Reflected XSS. This issue affects WP Contest: from n/a through 1.0.0. | ||||
| CVE-2025-23539 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Awesome Hooks allows Reflected XSS. This issue affects Awesome Hooks: from n/a through 1.0.1. | ||||
| CVE-2025-23563 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Explore pages allows Reflected XSS. This issue affects Explore pages: from n/a through 1.01. | ||||
| CVE-2025-27412 | 2025-03-05 | 6.1 Medium | ||
| REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3. | ||||
| CVE-2025-27676 | 2025-03-05 | 6.1 Medium | ||
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002. | ||||
| CVE-2025-27654 | 2025-03-05 | 6.1 Medium | ||
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017. | ||||
| CVE-2025-27653 | 2025-03-05 | 6.1 Medium | ||
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012. | ||||
| CVE-2025-27637 | 2025-03-05 | 6.1 Medium | ||
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016. | ||||
| CVE-2025-22272 | 2025-03-05 | N/A | ||
| In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer. | ||||
| CVE-2025-22270 | 2025-03-05 | N/A | ||
| An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the Content-Security-Policy policy, which mitigates JS code execution while still allowing HTML injection. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer. | ||||
| CVE-2025-23564 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mohsenshahbazi WP FixTag allows Reflected XSS. This issue affects WP FixTag: from n/a through v2.0.2. | ||||
| CVE-2025-23565 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Wibstats allows Reflected XSS. This issue affects Wibstats: from n/a through 0.5.5. | ||||
| CVE-2025-23570 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Social Links allows Reflected XSS. This issue affects WP Social Links: from n/a through 0.3.1. | ||||
| CVE-2025-23575 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound DX Sales CRM allows Reflected XSS. This issue affects DX Sales CRM: from n/a through 1.1. | ||||
| CVE-2024-31913 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | 5.5 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-23576 | 2025-03-05 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Intro.JS allows Reflected XSS. This issue affects WP Intro.JS: from n/a through 1.1. | ||||
| CVE-2025-23579 | 2025-03-05 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound DZS Ajaxer Lite allows Stored XSS. This issue affects DZS Ajaxer Lite: from n/a through 1.04. | ||||
| CVE-2023-1180 | 1 Health Center Patient Record Management System Project | 1 Health Center Patient Record Management System | 2025-03-05 | 3.5 Low |
| A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331. | ||||