Total
42030 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54775 | 1 Dcatadmin | 1 Dcat Admin | 2025-04-22 | N/A | 4.8 MEDIUM |
| Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions. | |||||
| CVE-2024-56314 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |||||
| CVE-2024-56313 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |||||
| CVE-2024-56312 | 1 Vanderbilt | 1 Redcap | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |||||
| CVE-2022-46381 | 1 Niceforyou | 2 Linear Emerge E3 Access Control, Linear Emerge E3 Access Control Firmware | 2025-04-22 | N/A | 6.1 MEDIUM |
| Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. | |||||
| CVE-2022-46058 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | N/A | 4.8 MEDIUM |
| AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | |||||
| CVE-2022-44303 | 1 Resque-scheduler Project | 1 Resque-scheduler | 2025-04-22 | N/A | 6.1 MEDIUM |
| Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side. | |||||
| CVE-2022-43996 | 1 Csaf Provider Project | 1 Csaf Provider | 2025-04-22 | N/A | 5.4 MEDIUM |
| The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory. | |||||
| CVE-2024-2145 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-31913 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 3.5 LOW | 4.8 MEDIUM |
| Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | |||||
| CVE-2021-33371 | 1 Kabir-m-alhasan | 1 Student Management System | 2025-04-22 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. | |||||
| CVE-2024-25854 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket. | |||||
| CVE-2024-41375 | 1 Icecoder | 1 Icecoder | 2025-04-22 | N/A | 6.1 MEDIUM |
| ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php | |||||
| CVE-2024-41374 | 1 Icecoder | 1 Icecoder | 2025-04-22 | N/A | 6.1 MEDIUM |
| ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php | |||||
| CVE-2025-25958 | 1 Phpcms | 1 Phpcms | 2025-04-22 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script. | |||||
| CVE-2025-25960 | 1 Phpcms | 1 Phpcms | 2025-04-22 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. | |||||
| CVE-2025-32176 | 2025-04-22 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator Gallery Blocks with Lightbox allows Stored XSS.This issue affects Gallery Blocks with Lightbox: from n/a through 3.2.5. | |||||
| CVE-2022-45028 | 1 Arris | 2 Nvg443b, Nvg443b Firmware | 2025-04-22 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha. | |||||
| CVE-2022-44575 | 1 Siemens | 1 Plm Help Server | 2025-04-22 | N/A | 6.1 MEDIUM |
| A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. | |||||
| CVE-2022-46350 | 1 Siemens | 10 6gk5204-0ba00-2kb2, 6gk5204-0ba00-2kb2 Firmware, 6gk5204-0ba00-2mb2 and 7 more | 2025-04-22 | N/A | 6.1 MEDIUM |
| A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device. | |||||