Total
35108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43983 | 1 Spatie | 1 Browsershot | 2025-04-29 | N/A | 8.2 HIGH |
| Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol. | |||||
| CVE-2022-43708 | 1 Mybb | 1 Mybb | 2025-04-29 | N/A | 6.1 MEDIUM |
| MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name | |||||
| CVE-2022-43707 | 1 Mybb | 1 Mybb | 2025-04-29 | N/A | 6.1 MEDIUM |
| MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data | |||||
| CVE-2022-43332 | 1 Wondercms | 1 Wondercms | 2025-04-29 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | |||||
| CVE-2022-42097 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | N/A | 4.8 MEDIUM |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | |||||
| CVE-2022-42094 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | N/A | 4.8 MEDIUM |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | |||||
| CVE-2022-41706 | 1 Spatie | 1 Browsershot | 2025-04-29 | N/A | 8.2 HIGH |
| Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. | |||||
| CVE-2022-41445 | 1 Teacher Record Management System Project | 1 Teacher Record Management System | 2025-04-29 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. | |||||
| CVE-2021-37936 | 1 Elastic | 1 Kibana | 2025-04-29 | N/A | 5.4 MEDIUM |
| It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. | |||||
| CVE-2024-13884 | 1 Rivercitygraphix | 1 Limit Bio | 2025-04-29 | N/A | 7.1 HIGH |
| The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-13885 | 1 Webtechglobal | 1 Wp E-customers Beta | 2025-04-29 | N/A | 7.1 HIGH |
| The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13891 | 1 Scheduler | 1 Schedule | 2025-04-29 | N/A | 7.1 HIGH |
| The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2025-1401 | 1 S-a | 1 Wp Click Info | 2025-04-29 | N/A | 7.1 HIGH |
| The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2022-45225 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-29 | N/A | 6.1 MEDIUM |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. | |||||
| CVE-2022-45017 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. | |||||
| CVE-2022-45016 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. | |||||
| CVE-2022-43709 | 1 Mybb | 1 Mybb | 2025-04-29 | N/A | 4.9 MEDIUM |
| MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. | |||||
| CVE-2025-3901 | 2025-04-29 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4. | |||||
| CVE-2025-29526 | 2025-04-29 | N/A | 6.1 MEDIUM | ||
| A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload into the SearchTerm parameter. | |||||
| CVE-2025-2543 | 2025-04-29 | N/A | 6.4 MEDIUM | ||
| The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||