Total
42029 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45990 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2025-04-24 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. | |||||
| CVE-2022-45769 | 1 Clicshopping | 1 Clicshopping V3 | 2025-04-24 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter. | |||||
| CVE-2022-45020 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 8.8 HIGH |
| Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2022-44950 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
| CVE-2022-44949 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. | |||||
| CVE-2022-44948 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". | |||||
| CVE-2022-44947 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add". | |||||
| CVE-2022-44946 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | |||||
| CVE-2022-43706 | 1 Stackstorm | 1 Stackstorm | 2025-04-24 | N/A | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users. | |||||
| CVE-2022-43556 | 1 Concretecms | 1 Concrete Cms | 2025-04-24 | N/A | 6.1 MEDIUM |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Thanks @_akbar_jafarli_ for reporting. Remediate by updating to Concrete CMS 8.5.10 and Concrete CMS 9.1.3. | |||||
| CVE-2022-43500 | 1 Wordpress | 1 Wordpress | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | |||||
| CVE-2022-43499 | 1 Ss-proj | 1 Shirasagi | 2025-04-24 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | |||||
| CVE-2022-43497 | 1 Wordpress | 1 Wordpress | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | |||||
| CVE-2022-43487 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2021-34181 | 1 Tomexam | 1 Tomexam | 2025-04-24 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml. | |||||
| CVE-2022-46089 | 1 Oretnom23 | 1 Online Flight Booking Management System | 2025-04-24 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter. | |||||
| CVE-2025-2946 | 1 Pgadmin | 1 Pgadmin 4 | 2025-04-23 | N/A | 9.1 CRITICAL |
| pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser. | |||||
| CVE-2024-55000 | 1 Mayurik | 1 House Rental Management System | 2025-04-23 | N/A | 5.4 MEDIUM |
| Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. | |||||
| CVE-2024-56115 | 1 Amiro | 1 Amiro.cms | 2025-04-23 | N/A | 6.1 MEDIUM |
| A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack. | |||||
| CVE-2024-43437 | 1 Moodle | 1 Moodle | 2025-04-23 | N/A | 5.4 MEDIUM |
| A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files. | |||||