Total
35126 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37421 | 1 Silverstripe | 1 Silverstripe | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/cms through 4.11.0 allows XSS. | |||||
| CVE-2023-49034 | 1 Projeqtor | 1 Projeqtor | 2025-04-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files. | |||||
| CVE-2023-46967 | 1 Enhancesoft | 1 Osticket | 2025-04-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket. | |||||
| CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-45221 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-04-25 | N/A | 4.8 MEDIUM |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter. | |||||
| CVE-2022-45214 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. | |||||
| CVE-2022-45151 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | N/A | 5.4 MEDIUM |
| The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. | |||||
| CVE-2022-45150 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages. | |||||
| CVE-2022-44284 | 1 Dinstar | 2 Dag2000-16o, Dag2000-16o Firmware | 2025-04-25 | N/A | 5.4 MEDIUM |
| Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-3834 | 1 Google Forms Project | 1 Google Forms | 2025-04-25 | N/A | 4.8 MEDIUM |
| The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-45472 | 1 Caehealthcare | 1 Learningspace Enterprise | 2025-04-25 | N/A | 5.4 MEDIUM |
| CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. | |||||
| CVE-2022-45040 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. | |||||
| CVE-2022-45038 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. | |||||
| CVE-2022-45037 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. | |||||
| CVE-2022-45036 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. | |||||
| CVE-2021-39343 | 1 Mpl-publisher | 1 Mpl-publisher | 2025-04-25 | 3.5 LOW | 5.5 MEDIUM |
| The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
| CVE-2024-25344 | 1 Itflow | 1 Itflow | 2025-04-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components. | |||||
| CVE-2022-42099 | 1 Klik Project | 1 Klik | 2025-04-25 | N/A | 5.4 MEDIUM |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. | |||||
| CVE-2022-37721 | 1 Pyrocms | 1 Pyrocms | 2025-04-25 | N/A | 9.0 CRITICAL |
| PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. | |||||
| CVE-2022-37720 | 1 Orchardcore | 1 Orchard Cms | 2025-04-25 | N/A | 9.0 CRITICAL |
| Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. | |||||