Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33536 | 1 Zimbra | 1 Collaboration | 2025-03-25 | 5.4 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed. | ||||
| CVE-2024-28710 | 1 Limesurvey | 1 Limesurvey | 2025-03-25 | 6.1 Medium |
| Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. | ||||
| CVE-2024-28709 | 1 Limesurvey | 1 Limesurvey | 2025-03-25 | 6.1 Medium |
| Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. | ||||
| CVE-2024-28153 | 1 Jenkins | 1 Owasp Dependency-check | 2025-03-25 | 7.3 High |
| Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2024-1434 | 1 Jordymeow | 1 Media Alt Renamer | 2025-03-25 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS.This issue affects Media Alt Renamer: from n/a through 0.0.1. | ||||
| CVE-2024-26490 | 1 Flusity | 1 Flusity | 2025-03-25 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | ||||
| CVE-2024-26491 | 1 Flusity | 1 Flusity | 2025-03-25 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field. | ||||
| CVE-2025-2610 | 2025-03-25 | 7.6 High | ||
| Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0. | ||||
| CVE-2025-2609 | 2025-03-25 | 8.2 High | ||
| Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0. | ||||
| CVE-2024-45429 | 1 Wpengine | 1 Advanced Custom Fields | 2025-03-25 | 6.1 Medium |
| Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's. | ||||
| CVE-2024-33328 | 1 Lumis | 1 Lumis Experience Platform | 2025-03-25 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter. | ||||
| CVE-2024-24157 | 2025-03-25 | 6.1 Medium | ||
| Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. | ||||
| CVE-2023-48432 | 1 Zimbra | 1 Collaboration | 2025-03-25 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail. | ||||
| CVE-2022-41311 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2025-03-25 | 5.4 Medium |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text" | ||||
| CVE-2025-27888 | 2025-03-25 | N/A | ||
| Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authenticated for this exploit. The management proxy is enabled in Druid's out-of-box configuration. It may be disabled to mitigate this vulnerability. If the management proxy is disabled, some web console features will not work properly, but core functionality is unaffected. Users are recommended to upgrade to Druid 31.0.2 or Druid 32.0.1, which fixes the issue. | ||||
| CVE-2023-0740 | 1 Answer | 1 Answer | 2025-03-25 | 9.0 Critical |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | ||||
| CVE-2025-26742 | 2025-03-25 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35. | ||||
| CVE-2024-47227 | 1 Iredmail | 1 Iredadmin | 2025-03-25 | 6.1 Medium |
| iRedAdmin before 2.6 allows XSS, e.g., via order_name. | ||||
| CVE-2023-23026 | 1 Simple Sales Management System Project | 1 Simple Sales Management System | 2025-03-25 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. | ||||
| CVE-2023-23011 | 1 Invoiceplane | 1 Invoiceplane | 2025-03-25 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. | ||||