Total
36814 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-28102 | 1 Dogukanurker | 1 Flaskblog | 2025-06-23 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost. | |||||
CVE-2024-24136 | 1 Remyandrade | 1 Math Game | 2025-06-20 | N/A | 6.1 MEDIUM |
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | |||||
CVE-2024-23905 | 1 Jenkins | 1 Red Hat Dependency Analytics | 2025-06-20 | N/A | 5.4 MEDIUM |
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | |||||
CVE-2024-23183 | 1 Appleple | 1 A-blog Cms | 2025-06-20 | N/A | 5.4 MEDIUM |
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser. | |||||
CVE-2024-23181 | 1 Appleple | 1 A-blog Cms | 2025-06-20 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser. | |||||
CVE-2024-23032 | 1 Eyoucms | 1 Eyoucms | 2025-06-20 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
CVE-2024-22635 | 1 Webcalendar Project | 1 Webcalendar | 2025-06-20 | N/A | 6.1 MEDIUM |
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php. | |||||
CVE-2024-22570 | 1 Njtech | 1 Greencms | 2025-06-20 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2023-7089 | 1 Benjaminzekavica | 1 Easy Svg Support | 2025-06-20 | N/A | 5.4 MEDIUM |
The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |||||
CVE-2023-6278 | 1 Biteship | 1 Biteship | 2025-06-20 | N/A | 6.1 MEDIUM |
The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2023-37571 | 1 Softing | 1 Th Scope | 2025-06-20 | N/A | 6.1 MEDIUM |
Softing TH SCOPE through 3.70 allows XSS. | |||||
CVE-2023-33758 | 1 Splicecom | 1 Maximiser Soft Pbx | 2025-06-20 | N/A | 6.1 MEDIUM |
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component. | |||||
CVE-2021-43635 | 1 Codexnotes | 1 Codex | 2025-06-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. | |||||
CVE-2024-22549 | 1 Flycms Project | 1 Flycms | 2025-06-20 | N/A | 5.4 MEDIUM |
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | |||||
CVE-2024-0606 | 1 Mozilla | 1 Firefox Focus | 2025-06-20 | N/A | 6.1 MEDIUM |
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. | |||||
CVE-2023-52330 | 1 Trendmicro | 1 Apex One | 2025-06-20 | N/A | 6.1 MEDIUM |
A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
CVE-2023-52326 | 1 Trendmicro | 1 Apex Central | 2025-06-20 | N/A | 6.1 MEDIUM |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. | |||||
CVE-2023-51946 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2025-06-20 | N/A | 6.1 MEDIUM |
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2023-41176 | 1 Trendmicro | 1 Mobile Security | 2025-06-20 | N/A | 6.1 MEDIUM |
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | |||||
CVE-2024-31651 | 1 Oretnom23 | 1 Cosmetics And Beauty Product Online Store | 2025-06-20 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. |