Total
35140 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44952 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add". | |||||
| CVE-2022-44951 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2022-3709 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | N/A | 6.8 MEDIUM |
| A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-38803 | 1 Zkteco | 1 Biotime | 2025-04-24 | N/A | 6.8 MEDIUM |
| Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF | |||||
| CVE-2022-38802 | 1 Zkteco | 1 Biotime | 2025-04-24 | N/A | 6.2 MEDIUM |
| Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF | |||||
| CVE-2022-38801 | 1 Zkteco | 1 Biotime | 2025-04-24 | N/A | 5.4 MEDIUM |
| In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting. | |||||
| CVE-2023-41425 | 1 Wondercms | 1 Wondercms | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. | |||||
| CVE-2022-37926 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | N/A | 5.5 MEDIUM |
| A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | |||||
| CVE-2022-37925 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | N/A | 6.1 MEDIUM |
| A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | |||||
| CVE-2024-41446 | 1 Alkacon | 1 Opencms | 2025-04-24 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function. | |||||
| CVE-2024-42699 | 1 Alkacon | 1 Opencms | 2025-04-24 | N/A | 6.5 MEDIUM |
| Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field | |||||
| CVE-2025-28121 | 1 Code-projects | 1 Online Exam Mastering System | 2025-04-24 | N/A | 6.1 MEDIUM |
| code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code. | |||||
| CVE-2022-46391 | 3 Awstats, Debian, Fedoraproject | 3 Awstats, Debian Linux, Fedora | 2025-04-24 | N/A | 6.1 MEDIUM |
| AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | |||||
| CVE-2025-3821 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3822 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password/txtnew_password/txtold_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-55451 | 1 Ujcms | 1 Ujcms | 2025-04-24 | N/A | 4.8 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens. | |||||
| CVE-2024-21494 | 1 Greenpau | 1 Caddy-security | 2025-04-24 | N/A | 5.4 MEDIUM |
| All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. | |||||
| CVE-2022-44944 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | |||||
| CVE-2022-43097 | 1 User Registration \& User Management System Project | 1 User Registration \& User Management System | 2025-04-24 | N/A | 5.4 MEDIUM |
| Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages. | |||||
| CVE-2022-41830 | 1 Kyocera | 80 Ecosys M2535dn, Ecosys M2535dn Firmware, Ecosys M6526cdn and 77 more | 2025-04-24 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | |||||