Total
35305 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51055 | 1 Hoosk | 1 Hoosk | 2025-04-18 | 6.5 Medium |
| An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. | ||||
| CVE-2023-46950 | 1 Contribsys | 1 Sidekiq | 2025-04-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions. | ||||
| CVE-2023-46951 | 1 Contribsys | 1 Sidekiq | 2025-04-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function. | ||||
| CVE-2025-25949 | 2025-04-18 | 5.4 Medium | ||
| A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update. | ||||
| CVE-2022-36223 | 1 Emby | 1 Emby | 2025-04-18 | 6.1 Medium |
| In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account. | ||||
| CVE-2024-24511 | 1 Pkp.sfu | 1 Open Journal Systems | 2025-04-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component. | ||||
| CVE-2024-24512 | 1 Pkp.sfu | 1 Open Journal Systems | 2025-04-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component. | ||||
| CVE-2024-30618 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 6.1 Medium |
| A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'. | ||||
| CVE-2024-27525 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 4.6 Medium |
| Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. | ||||
| CVE-2025-3789 | 2025-04-18 | 3.5 Low | ||
| A vulnerability was found in baseweb JSite 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /a/sys/area/save. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-3755 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2025-04-18 | 5.4 Medium |
| The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-33859 | 1 Logpoint | 1 Siem | 2025-04-18 | 6.1 Medium |
| An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS. | ||||
| CVE-2025-3788 | 2025-04-18 | 3.5 Low | ||
| A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-29710 | 2025-04-18 | 6.1 Medium | ||
| SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services. | ||||
| CVE-2025-26153 | 2025-04-18 | 5.4 Medium | ||
| A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message. | ||||
| CVE-2024-40074 | 2025-04-18 | 4.8 Medium | ||
| Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'. | ||||
| CVE-2025-3246 | 2025-04-18 | N/A | ||
| An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the malicious elements. This vulnerability affected version 3.16.1 of GitHub Enterprise Server and was fixed in version 3.16.2. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-13650 | 2025-04-18 | 6.4 Medium | ||
| The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-2613 | 2025-04-18 | 4.4 Medium | ||
| The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-39469 | 2025-04-18 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantherius Modal Survey allows Reflected XSS.This issue affects Modal Survey: from n/a through 2.0.2.0.1. | ||||