Total
37787 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43500 | 1 Wordpress | 1 Wordpress | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | |||||
| CVE-2022-43499 | 1 Ss-proj | 1 Shirasagi | 2025-04-24 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
| CVE-2022-43497 | 1 Wordpress | 1 Wordpress | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | |||||
| CVE-2022-43487 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2021-34181 | 1 Tomexam | 1 Tomexam | 2025-04-24 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml. | |||||
| CVE-2022-46089 | 1 Oretnom23 | 1 Online Flight Booking Management System | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter. | |||||
| CVE-2025-2946 | 1 Pgadmin | 1 Pgadmin 4 | 2025-04-23 | N/A | 9.1 CRITICAL |
| pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser. | |||||
| CVE-2024-55000 | 1 Mayurik | 1 House Rental Management System | 2025-04-23 | N/A | 5.4 MEDIUM |
| Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. | |||||
| CVE-2024-56115 | 1 Amiro | 1 Amiro.cms | 2025-04-23 | N/A | 6.1 MEDIUM |
| A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack. | |||||
| CVE-2024-43437 | 1 Moodle | 1 Moodle | 2025-04-23 | N/A | 5.4 MEDIUM |
| A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files. | |||||
| CVE-2024-43439 | 1 Moodle | 1 Moodle | 2025-04-23 | N/A | 5.4 MEDIUM |
| A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk. | |||||
| CVE-2024-5520 | 1 Alkacon | 1 Opencms | 2025-04-23 | N/A | 6.4 MEDIUM |
| Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the “title” field. | |||||
| CVE-2023-25836 | 1 Esri | 1 Portal For Arcgis | 2025-04-23 | N/A | 5.4 MEDIUM |
| There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low. | |||||
| CVE-2023-25831 | 1 Esri | 1 Portal For Arcgis | 2025-04-23 | N/A | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | |||||
| CVE-2023-25830 | 1 Esri | 1 Portal For Arcgis | 2025-04-23 | N/A | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | |||||
| CVE-2022-45217 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-23 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module. | |||||
| CVE-2022-45122 | 1 Sixapart | 1 Movable Type | 2025-04-23 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2024-41355 | 1 Phpipam | 1 Phpipam | 2025-04-23 | N/A | 6.5 MEDIUM |
| phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. | |||||
| CVE-2024-41356 | 1 Phpipam | 1 Phpipam | 2025-04-23 | N/A | 4.7 MEDIUM |
| phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php. | |||||
| CVE-2024-41357 | 1 Phpipam | 1 Phpipam | 2025-04-23 | N/A | 7.1 HIGH |
| phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. | |||||