Total
36934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-44180 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-05-28 | N/A | 6.1 MEDIUM |
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit-brand.php?bid={brandId}. | |||||
| CVE-2025-44181 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-05-28 | N/A | 6.1 MEDIUM |
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/add-brand.php via the brandname parameter. | |||||
| CVE-2025-44182 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-05-28 | N/A | 6.1 MEDIUM |
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber' in the /admin/edit-vehicle.php component. This allows attackers to execute arbitrary code. | |||||
| CVE-2025-44183 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-05-28 | N/A | 6.1 MEDIUM |
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the name, email, and mobile parameters. | |||||
| CVE-2019-11843 | 1 Automattic | 1 Mailpoet | 2025-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS). | |||||
| CVE-2025-4744 | 1 Fabian | 1 Employee Record System | 2025-05-28 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Affected by this issue is some unknown functionality of the file dashboard\edit_employee.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-7228 | 1 Evanliewer | 1 Illi Link Party\! | 2025-05-28 | N/A | 6.1 MEDIUM |
| The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters, which could allow unauthenticated vistors to perform Cross-Site Scripting attacks. | |||||
| CVE-2023-49225 | 1 Ruckuswireless | 74 C110, C110 Firmware, E510 and 71 more | 2025-05-28 | N/A | 6.1 MEDIUM |
| A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. | |||||
| CVE-2022-40029 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-05-28 | N/A | 4.8 MEDIUM |
| SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | |||||
| CVE-2022-40028 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-05-28 | N/A | 4.8 MEDIUM |
| SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter. | |||||
| CVE-2022-40027 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-05-28 | N/A | 6.1 MEDIUM |
| SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | |||||
| CVE-2022-30578 | 1 Tibco | 1 Ebx Add-ons | 2025-05-28 | N/A | 8.0 HIGH |
| The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below. | |||||
| CVE-2025-47931 | 1 Librenms | 1 Librenms | 2025-05-28 | N/A | 6.1 MEDIUM |
| LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue. | |||||
| CVE-2025-4939 | 1 Phpgurukul | 1 Credit Card Application Management System | 2025-05-28 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in PHPGurukul Credit Card Application Management System 1.0. This vulnerability affects unknown code of the file /admin/new-ccapplication.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-51106 | 1 Anujk305 | 1 Medical Card Generation System | 2025-05-28 | N/A | 4.6 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter. | |||||
| CVE-2024-3669 | 1 Salephpscripts | 1 Web Directory Free | 2025-05-28 | N/A | 6.8 MEDIUM |
| The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-4096 | 1 Wpdarko | 1 Responsive Tabs | 2025-05-28 | N/A | 5.9 MEDIUM |
| The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-5809 | 1 Masdiblogs | 1 Wp Ajax Contact Form | 2025-05-28 | N/A | 6.1 MEDIUM |
| The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users | |||||
| CVE-2024-6884 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-27 | N/A | 5.4 MEDIUM |
| The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-32174 | 1 Gogs | 1 Gogs | 2025-05-27 | N/A | 9.0 CRITICAL |
| In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | |||||