Total
36832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5765 | 1 Code-projects | 1 Simple Laundry System | 2025-06-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-27719 | 1 Rems | 1 Faq Management System | 2025-06-10 | N/A | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function. | |||||
| CVE-2024-48228 | 1 Funadmin | 1 Funadmin | 2025-06-10 | N/A | 6.1 MEDIUM |
| An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS). | |||||
| CVE-2024-35110 | 1 Yzmcms | 1 Yzmcms | 2025-06-10 | N/A | 5.5 MEDIUM |
| A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker. | |||||
| CVE-2024-33300 | 1 Typora | 1 Typora | 2025-06-10 | N/A | 7.3 HIGH |
| Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. | |||||
| CVE-2024-34401 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2025-06-10 | N/A | 6.1 MEDIUM |
| Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter. | |||||
| CVE-2024-34462 | 1 Alinto | 1 Sogo | 2025-06-10 | N/A | 6.1 MEDIUM |
| Alinto SOGo through 5.10.0 allows XSS during attachment preview. | |||||
| CVE-2023-52327 | 1 Trendmicro | 1 Apex Central | 2025-06-10 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. | |||||
| CVE-2024-4090 | 1 Premio | 1 My Sticky Bar | 2025-06-10 | N/A | 4.8 MEDIUM |
| The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2024-6272 | 1 10web | 1 Spidercontacts | 2025-06-10 | N/A | 6.1 MEDIUM |
| The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-6536 | 1 Dylanjkotze | 1 Zephyr Project Manager | 2025-06-10 | N/A | 5.4 MEDIUM |
| The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-4217 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-06-10 | N/A | 4.7 MEDIUM |
| The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks. | |||||
| CVE-2024-0974 | 1 Bmwebproperties | 1 Social Media Widget | 2025-06-10 | N/A | 4.8 MEDIUM |
| The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2025-5721 | 1 Razormist | 1 Student Result Management System | 2025-06-10 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-47702 | 1 Oembed Providers Project | 1 Oembed Providers | 2025-06-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2. | |||||
| CVE-2025-47703 | 1 Cookies Consent Manager Project | 1 Cookies Coonsent Manager | 2025-06-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14. | |||||
| CVE-2024-30951 | 1 Fudforum | 1 Fudforum | 2025-06-10 | N/A | 6.1 MEDIUM |
| FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php. | |||||
| CVE-2024-30950 | 1 Fudforum | 1 Fudforum | 2025-06-10 | N/A | 3.5 LOW |
| A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php. | |||||
| CVE-2025-47704 | 1 Klaro Cookie \& Consent Management Project | 1 Klaro Cookie \& Consent Management | 2025-06-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5. | |||||
| CVE-2025-47705 | 1 Iframe Remove Filter Project | 1 Iframe Remove Filter | 2025-06-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 0.0.0 before 2.0.5. | |||||