Total
42029 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46260 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1. | |||||
| CVE-2025-46472 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.2. | |||||
| CVE-2025-46459 | 2025-04-29 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ralf Hortt Confirm User Registration allows Stored XSS. This issue affects Confirm User Registration: from n/a through 2.1.5. | |||||
| CVE-2025-46521 | 2025-04-29 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Silver Muru WS Force Login Page allows Stored XSS. This issue affects WS Force Login Page: from n/a through 3.0.3. | |||||
| CVE-2025-4011 | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-3706 | 2025-04-29 | N/A | 6.1 MEDIUM | ||
| The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | |||||
| CVE-2025-3130 | 1 Drupal | 1 Obfuscate | 2025-04-29 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS.This issue affects Obfuscate: from 0.0.0 before 2.0.1. | |||||
| CVE-2022-42989 | 1 Sankhya | 1 Sankhya Om | 2025-04-29 | N/A | 9.0 CRITICAL |
| ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. | |||||
| CVE-2022-38724 | 1 Silverstripe | 3 Asset Admin, Assets, Framework | 2025-04-29 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | |||||
| CVE-2022-38462 | 1 Silverstripe | 1 Framework | 2025-04-29 | N/A | 6.1 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | |||||
| CVE-2022-35501 | 1 Amasty | 1 Blog Pro | 2025-04-28 | N/A | 5.4 MEDIUM |
| Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. | |||||
| CVE-2022-35500 | 1 Amasty | 1 Blog Pro | 2025-04-28 | N/A | 5.4 MEDIUM |
| Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. | |||||
| CVE-2022-45224 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-04-28 | N/A | 4.8 MEDIUM |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | |||||
| CVE-2022-45223 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-04-28 | N/A | 4.8 MEDIUM |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | |||||
| CVE-2025-29018 | 1 Codeastro | 1 Internet Banking System | 2025-04-28 | N/A | 4.8 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0. | |||||
| CVE-2022-42095 | 1 Backdropcms | 1 Backdrop Cms | 2025-04-28 | N/A | 4.8 MEDIUM |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | |||||
| CVE-2024-46077 | 1 Mayurik | 1 Online Tours And Travels Management System | 2025-04-28 | N/A | 5.4 MEDIUM |
| itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php. | |||||
| CVE-2024-46654 | 1 Maccms | 1 Maccms | 2025-04-28 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2024-33866 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 5.5 MEDIUM |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS. | |||||
| CVE-2024-46082 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
| Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. | |||||