Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1842 | 2025-03-03 | 4.3 Medium | ||
| A vulnerability classified as problematic was found in FITSTATS Technologies AthleteMonitoring up to 20250302. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-1315 | 1 Enhancesoft | 1 Osticket | 2025-03-03 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | ||||
| CVE-2023-1316 | 1 Enhancesoft | 1 Osticket | 2025-03-03 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | ||||
| CVE-2023-1319 | 1 Enhancesoft | 1 Osticket | 2025-03-03 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | ||||
| CVE-2025-23493 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Google Transliteration allows Reflected XSS. This issue affects Google Transliteration: from n/a through 1.7.2. | ||||
| CVE-2025-23490 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Browser-Update-Notify allows Reflected XSS. This issue affects Browser-Update-Notify: from n/a through 0.2.1. | ||||
| CVE-2025-23488 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound rng-refresh allows Reflected XSS. This issue affects rng-refresh: from n/a through 1.0. | ||||
| CVE-2025-23487 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Gallery allows Reflected XSS. This issue affects Easy Gallery: from n/a through 1.4. | ||||
| CVE-2025-23447 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Smooth Dynamic Slider allows Reflected XSS. This issue affects Smooth Dynamic Slider: from n/a through 1.0. | ||||
| CVE-2025-23441 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Attach Gallery Posts allows Reflected XSS. This issue affects Attach Gallery Posts: from n/a through 1.6. | ||||
| CVE-2024-57026 | 1 Tawk | 1 Tawk.to | 2025-03-03 | 6.1 Medium |
| TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) due to processing user input in a way that allows JavaScript execution. | ||||
| CVE-2025-23439 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in willshouse TinyMCE Extended Config allows Reflected XSS. This issue affects TinyMCE Extended Config: from n/a through 0.1.0. | ||||
| CVE-2025-23437 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ntp-header-images allows Reflected XSS. This issue affects ntp-header-images: from n/a through 1.2. | ||||
| CVE-2025-23433 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jnwry vcOS allows Reflected XSS. This issue affects vcOS: from n/a through 1.4.0. | ||||
| CVE-2025-23425 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marekki Marekkis Watermark allows Reflected XSS. This issue affects Marekkis Watermark: from n/a through 0.9.4. | ||||
| CVE-2023-27130 | 1 Typecho | 1 Typecho | 2025-03-03 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. | ||||
| CVE-2025-23813 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Guten Free Options allows Reflected XSS. This issue affects Guten Free Options: from n/a through 0.9.5. | ||||
| CVE-2025-24694 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Email Registration Blacklist and Whitelist allows Reflected XSS. This issue affects CM Email Registration Blacklist and Whitelist: from n/a through 1.5.5. | ||||
| CVE-2025-23847 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Site Launcher allows Reflected XSS. This issue affects Site Launcher: from n/a through 0.9.4. | ||||
| CVE-2024-57237 | 2025-03-03 | 6.3 Medium | ||
| Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the browser to execute injected JavaScript code. | ||||