Total
35105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0671 | 1 Icegram | 1 Icegram Express | 2025-04-29 | N/A | 6.1 MEDIUM |
| The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-46550 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
| YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4. | |||||
| CVE-2025-46549 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
| YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4. | |||||
| CVE-2022-42187 | 1 Hustoj | 1 Hustoj | 2025-04-29 | N/A | 6.1 MEDIUM |
| Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. | |||||
| CVE-2022-41558 | 1 Tibco | 4 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Desktop and 1 more | 2025-04-29 | N/A | 9.0 CRITICAL |
| The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0. | |||||
| CVE-2022-39834 | 1 Keyfactor | 1 Primekey Ejbca | 2025-04-29 | N/A | 5.4 MEDIUM |
| A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user. | |||||
| CVE-2024-9771 | 1 Plechevandrey | 1 Wp-recall | 2025-04-29 | N/A | 3.5 LOW |
| The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-12273 | 1 Codepeople | 1 Calculated Fields Form | 2025-04-29 | N/A | 3.5 LOW |
| The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-30676 | 1 Apache | 1 Ofbiz | 2025-04-29 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue. | |||||
| CVE-2025-2055 | 1 Mappresspro | 1 Mappress | 2025-04-29 | N/A | 6.8 MEDIUM |
| The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. | |||||
| CVE-2024-9230 | 1 Blubrry | 1 Powerpress | 2025-04-29 | N/A | 5.9 MEDIUM |
| The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-13069 | 1 Rems | 1 Multi Role Login System | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13021 | 1 Rems | 1 Road Accident Map Marker | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name/details leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-3489 | 1 Nababur | 1 Simple-user-management-system | 2025-04-29 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument name/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3387 | 1 Renrenio | 1 Renren-security | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3386 | 1 Pb-cms Project | 1 Pb-cms | 2025-04-29 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin#links of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3385 | 1 Pb-cms Project | 1 Pb-cms | 2025-04-29 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3692 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-29 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-43143 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2025-04-29 | N/A | 9.6 CRITICAL |
| A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. | |||||
| CVE-2022-43117 | 1 Password Storage Application Project | 1 Password Storage Application | 2025-04-29 | N/A | 5.4 MEDIUM |
| Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. | |||||