Total
35136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45472 | 1 Caehealthcare | 1 Learningspace Enterprise | 2025-04-25 | N/A | 5.4 MEDIUM |
| CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. | |||||
| CVE-2022-45040 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. | |||||
| CVE-2022-45038 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. | |||||
| CVE-2022-45037 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. | |||||
| CVE-2022-45036 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. | |||||
| CVE-2021-39343 | 1 Mpl-publisher | 1 Mpl-publisher | 2025-04-25 | 3.5 LOW | 5.5 MEDIUM |
| The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
| CVE-2024-25344 | 1 Itflow | 1 Itflow | 2025-04-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components. | |||||
| CVE-2022-42099 | 1 Klik Project | 1 Klik | 2025-04-25 | N/A | 5.4 MEDIUM |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. | |||||
| CVE-2022-37721 | 1 Pyrocms | 1 Pyrocms | 2025-04-25 | N/A | 9.0 CRITICAL |
| PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. | |||||
| CVE-2022-37720 | 1 Orchardcore | 1 Orchard Cms | 2025-04-25 | N/A | 9.0 CRITICAL |
| Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. | |||||
| CVE-2022-0698 | 1 Microweber | 1 Microweber | 2025-04-25 | N/A | 6.1 MEDIUM |
| Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. | |||||
| CVE-2022-42100 | 1 Klik Project | 1 Klik | 2025-04-25 | N/A | 5.4 MEDIUM |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. | |||||
| CVE-2022-44279 | 1 Garage Management System Project | 1 Garage Management System | 2025-04-25 | N/A | 6.1 MEDIUM |
| Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. | |||||
| CVE-2022-44355 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-04-25 | N/A | 6.1 MEDIUM |
| SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. | |||||
| CVE-2022-36433 | 1 Amasty | 1 Amasty Blog Pro | 2025-04-25 | N/A | 6.1 MEDIUM |
| The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save. | |||||
| CVE-2022-36137 | 1 Churchcrm | 1 Churchcrm | 2025-04-25 | N/A | 4.8 MEDIUM |
| ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader. | |||||
| CVE-2022-36136 | 1 Churchcrm | 1 Churchcrm | 2025-04-25 | N/A | 4.8 MEDIUM |
| ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment. | |||||
| CVE-2021-31740 | 1 Seppmail | 1 Seppmail | 2025-04-25 | N/A | 6.1 MEDIUM |
| SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS). | |||||
| CVE-2020-21219 | 1 Netgate | 2 Acme, Pfsense | 2025-04-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package. | |||||
| CVE-2022-44959 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||