Vulnerabilities (CVE)

Filtered by CWE-79
Total 36825 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-1663 1 Texttheater 1 Ultimate Noindex Nofollow Tool Ii 2025-06-11 N/A 4.8 MEDIUM
The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-2643 1 Premio 1 My Sticky Bar 2025-06-11 N/A 4.8 MEDIUM
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-34500 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2025-06-11 N/A 6.1 MEDIUM
An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.
CVE-2024-3931 1 Totara 1 Totara 2025-06-10 4.0 MEDIUM 3.5 LOW
A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component User Selector. The manipulation of the argument ID Number leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 13.46, 14.38, 15.33, 16.27, 17.21 and 18.8 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2024-28725 1 Yzmcms 1 Yzmcms 2025-06-10 N/A 7.1 HIGH
Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings.
CVE-2025-45755 1 Vtiger 1 Vtiger Crm 2025-06-10 N/A 6.1 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution.
CVE-2025-5726 1 Razormist 1 Student Result Management System 2025-06-10 3.3 LOW 2.4 LOW
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5727 1 Razormist 1 Student Result Management System 2025-06-10 3.3 LOW 2.4 LOW
A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5757 1 Carmelogarcia 1 Traffic Offense Reporting System 2025-06-10 4.0 MEDIUM 3.5 LOW
A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/address/gender/officer_reporting/offence leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5764 1 Code-projects 1 Simple Laundry System 2025-06-10 4.0 MEDIUM 3.5 LOW
A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulation of the argument Customer leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5765 1 Code-projects 1 Simple Laundry System 2025-06-10 4.0 MEDIUM 3.5 LOW
A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-27719 1 Rems 1 Faq Management System 2025-06-10 N/A 6.1 MEDIUM
A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function.
CVE-2024-48228 1 Funadmin 1 Funadmin 2025-06-10 N/A 6.1 MEDIUM
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).
CVE-2024-35110 1 Yzmcms 1 Yzmcms 2025-06-10 N/A 5.5 MEDIUM
A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.
CVE-2024-33300 1 Typora 1 Typora 2025-06-10 N/A 7.3 HIGH
The Typora Markdown editor, v1.0.0 through v1.7 version (below), has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files.
CVE-2024-34401 1 Techkshetrainfo 1 Savsoft Quiz 2025-06-10 N/A 6.1 MEDIUM
Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter.
CVE-2024-34462 1 Alinto 1 Sogo 2025-06-10 N/A 6.1 MEDIUM
Alinto SOGo through 5.10.0 allows XSS during attachment preview.
CVE-2023-52327 1 Trendmicro 1 Apex Central 2025-06-10 N/A 6.1 MEDIUM
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328.
CVE-2024-4090 1 Premio 1 My Sticky Bar 2025-06-10 N/A 4.8 MEDIUM
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2024-6272 1 10web 1 Spidercontacts 2025-06-10 N/A 6.1 MEDIUM
The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin.