Total
34410 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-27211 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2025-02-28 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | ||||
CVE-2023-27212 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2025-02-28 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. | ||||
CVE-2023-1286 | 1 Pimcore | 1 Pimcore | 2025-02-28 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
CVE-2025-27400 | | | 2025-02-28 | 2.9 Low |
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.1 contain a vulnerability that allows script execution in the admin panel which could lead to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access, so in practicality it is not very likely to be useful given that a user with this level of access is probably already a full admin. Versions 20.12.3 and 20.13.1 contain a patch for the issue. | ||||
CVE-2025-25916 | | | 2025-02-28 | 5.4 Medium |
wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in the del function in \coreframe\app\member\admin\group.php. | ||||
CVE-2025-25461 | | | 2025-02-28 | 5.4 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. When a document is subsequently associated with this category, the payload is stored on the server and rendered without proper sanitization or output encoding. This results in the XSS payload executing in the browser of any user who views the document. | ||||
CVE-2023-1312 | 1 Pimcore | 1 Pimcore | 2025-02-28 | 4.8 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
CVE-2024-53408 | | | 2025-02-28 | 5.4 Medium |
AVE System Web Client v2.1.131.13992 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
CVE-2024-12820 | | | 2025-02-28 | 6.4 Medium |
The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-13851 | | | 2025-02-28 | 5.5 Medium |
The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
CVE-2021-1879 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-02-28 | 6.1 Medium |
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. | ||||
CVE-2023-1318 | 1 Enhancesoft | 1 Osticket | 2025-02-28 | 5.4 Medium |
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. | ||||
CVE-2025-1746 | | | 2025-02-28 | 6.1 Medium |
Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
CVE-2025-1747 | | | 2025-02-28 | 4.7 Medium |
HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/login. | ||||
CVE-2025-1748 | | | 2025-02-28 | 4.7 Medium |
HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register. | ||||
CVE-2025-1776 | | | 2025-02-28 | 6.1 Medium |
Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior to 8.3.4, which could allow remote attackers to execute arbitrary code via the ‘query’ parameter in /app-google-custom-search/searchResults. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
CVE-2025-1749 | | | 2025-02-28 | 4.7 Medium |
HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/voucher. | ||||
CVE-2025-1571 | | | 2025-02-28 | 6.4 Medium |
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-1560 | | | 2025-02-28 | 6.4 Medium |
The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wee' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-13469 | | | 2025-02-28 | 6.4 Medium |
The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |