Total
35145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46684 | 1 Jenkins | 1 Checkmarx | 2025-04-23 | N/A | 5.4 MEDIUM |
| Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-44361 | 1 Zzcms | 1 Zzcms | 2025-04-23 | N/A | 5.4 MEDIUM |
| An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php. | |||||
| CVE-2022-44153 | 1 Rapidscada | 1 Rapid Scada | 2025-04-23 | N/A | 6.1 MEDIUM |
| Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-42486 | 1 Basercms | 1 Basercms | 2025-04-23 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
| CVE-2008-2991 | 1 Adobe | 1 Robohelp Server | 2025-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log. | |||||
| CVE-2008-0642 | 1 Adobe | 1 Robohelp | 2025-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280. | |||||
| CVE-2024-40507 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function. | |||||
| CVE-2024-40508 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. | |||||
| CVE-2024-40511 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. | |||||
| CVE-2024-40512 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. | |||||
| CVE-2024-40506 | 1 Openpetra | 1 Openpetra | 2025-04-23 | N/A | 7.3 HIGH |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. | |||||
| CVE-2023-43378 | 2025-04-23 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1_1 parameter. | |||||
| CVE-2022-41994 | 1 Basercms | 1 Basercms | 2025-04-23 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
| CVE-2022-3838 | 1 Wpupper Share Buttons Project | 1 Wpupper Share Buttons | 2025-04-23 | N/A | 4.8 MEDIUM |
| The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-25630 | 1 Symantec | 1 Messaging Gateway | 2025-04-23 | N/A | 5.4 MEDIUM |
| An authenticated user can embed malicious content with XSS into the admin group policy page. | |||||
| CVE-2022-25629 | 1 Symantec | 1 Messaging Gateway | 2025-04-23 | N/A | 5.4 MEDIUM |
| An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). | |||||
| CVE-2024-44818 | 1 Zzcms | 1 Zzcms | 2025-04-23 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the HTTP_Referer header of the caina.php component. | |||||
| CVE-2025-1949 | 1 Zzcms | 1 Zzcms | 2025-04-23 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3252 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-37859 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. | |||||