Total: 366 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50933 | 1 Ibm | 1 Powersc | 2025-06-03 | N/A | 6.1 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | |||||
| CVE-2025-33138 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-05-30 | N/A | 5.4 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2023-46310 | 1 Gvectors | 1 Wpdiscuz | 2025-05-29 | N/A | 5.3 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection. This issue affects wpDiscuz: from n/a through 7.6.10. | |||||
| CVE-2024-41693 | 1 Priority-software | 1 Mashov | 2025-05-19 | N/A | 6.1 MEDIUM |
| Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | |||||
| CVE-2025-30161 | 1 Open-emr | 1 Openemr | 2025-05-13 | N/A | 5.4 MEDIUM |
| OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3. | |||||
| CVE-2024-28417 | 1 Webedition | 1 Webedition Cms | 2025-04-30 | N/A | 6.3 MEDIUM |
| Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php. | |||||
| CVE-2024-38469 | 1 Ibarn Project | 1 Ibarn | 2025-04-30 | N/A | 6.3 MEDIUM |
| zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php. | |||||
| CVE-2025-30676 | 1 Apache | 1 Ofbiz | 2025-04-29 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue. | |||||
| CVE-2024-42195 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-21 | N/A | 3.1 LOW |
| HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | |||||
| CVE-2024-33423 | 1 Cmsimple | 1 Cmsimple | 2025-04-14 | N/A | 7.4 HIGH |
| Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section. | |||||
| CVE-2023-29508 | 1 Xwiki | 1 Xwiki | 2025-04-11 | N/A | 8.9 HIGH |
| XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. | |||||
| CVE-2024-32746 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 4.6 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module. | |||||
| CVE-2025-0272 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-10 | N/A | 5.4 MEDIUM |
| HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | |||||
| CVE-2025-25363 | 1 Thepluginpeople | 1 Enterprise Mail Handler | 2025-04-03 | N/A | 6.5 MEDIUM |
| An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript in context of a user's browser via injecting a crafted payload into the HTML field of a template. | |||||
| CVE-2024-31062 | 1 Munyweki | 1 Insurance Management System | 2025-04-03 | N/A | 6.3 MEDIUM |
| Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. | |||||
| CVE-2024-25873 | 1 Enhavo | 1 Enhavo | 2025-04-02 | N/A | 5.4 MEDIUM |
| Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | |||||
| CVE-2025-29431 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-04-02 | N/A | 3.2 LOW |
| Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters. | |||||
| CVE-2025-29426 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-04-02 | N/A | 4.6 MEDIUM |
| Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/class.php via the id and cys parameters. | |||||
| CVE-2025-28015 | 1 Phpgurukul | 1 User Registration & Login And User Management System | 2025-03-28 | N/A | 5.3 MEDIUM |
| An HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters. | |||||
| CVE-2024-13497 | 1 Tripetto | 1 Tripetto | 2025-03-28 | N/A | 7.2 HIGH |
| The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file. | |||||
