Total
35465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46235 | 1 Sktthemes | 1 Skt Blocks | 2025-04-30 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 2.0. | |||||
| CVE-2025-46236 | 1 Ibericode | 1 Html Forms | 2025-04-30 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2. | |||||
| CVE-2022-45401 | 1 Jenkins | 1 Associated Files | 2025-04-30 | N/A | 5.4 MEDIUM |
| Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-44073 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts. | |||||
| CVE-2022-44071 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile. | |||||
| CVE-2022-44070 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. | |||||
| CVE-2022-44069 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | N/A | 5.4 MEDIUM |
| Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. | |||||
| CVE-2022-44002 | 1 Backclick | 1 Backclick | 2025-04-30 | N/A | 6.1 MEDIUM |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations. | |||||
| CVE-2022-43692 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | N/A | 6.1 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | |||||
| CVE-2022-43342 | 1 Eramba | 1 Eramba | 2025-04-30 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. | |||||
| CVE-2022-43263 | 1 Guitar-pro | 1 Guitar Pro | 2025-04-30 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file. | |||||
| CVE-2022-42960 | 1 Equalweb | 1 Equalweb Accessibility Widget | 2025-04-30 | N/A | 5.4 MEDIUM |
| EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js. | |||||
| CVE-2022-3631 | 1 Digitialpixies | 1 Oauth Client | 2025-04-30 | N/A | 4.8 MEDIUM |
| The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
| CVE-2022-3578 | 1 Metagauss | 1 Profilegrid | 2025-04-30 | N/A | 6.1 MEDIUM |
| The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-3539 | 1 Themepoints | 2 Testimonials, Testimonials Pro | 2025-04-30 | N/A | 4.8 MEDIUM |
| The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-3484 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2025-04-30 | N/A | 6.1 MEDIUM |
| The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-38146 | 1 Silverstripe | 1 Framework | 2025-04-30 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | |||||
| CVE-2025-46237 | 1 Ylefebvre | 1 Link Library | 2025-04-30 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Stored XSS. This issue affects Link Library: from n/a through 7.8. | |||||
| CVE-2025-30149 | 1 Open-emr | 1 Openemr | 2025-04-30 | N/A | 6.4 MEDIUM |
| OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This vulnerability is fixed in 7.0.3. | |||||
| CVE-2025-1524 | 1 Davidvongries | 1 Ultimate Dashboard | 2025-04-30 | N/A | 3.5 LOW |
| The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||