Total: 38585 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48228 | 1 Funadmin | 1 Funadmin | 2025-06-10 | 6.1 Medium |
| An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS). | ||||
| CVE-2024-35110 | 1 Yzmcms | 1 Yzmcms | 2025-06-10 | 5.5 Medium |
| A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker. | ||||
| CVE-2024-33300 | 1 Typora | 1 Typora | 2025-06-10 | 7.3 High |
| Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. | ||||
| CVE-2024-34401 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2025-06-10 | 6.1 Medium |
| Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter. | ||||
| CVE-2024-34462 | 1 Alinto | 1 Sogo | 2025-06-10 | 6.1 Medium |
| Alinto SOGo through 5.10.0 allows XSS during attachment preview. | ||||
| CVE-2023-52327 | 1 Trendmicro | 1 Apex Central | 2025-06-10 | 6.1 Medium |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. | ||||
| CVE-2024-1269 | 1 Remyandrade | 1 Product Management System | 2025-06-10 | 2.4 Low |
| A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012. | ||||
| CVE-2024-4090 | 1 Premio | 1 My Sticky Bar | 2025-06-10 | 4.8 Medium |
| The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-6272 | 2 10web, Spidercontacts | 2 Spidercontacts, Spidercontacts Wordpress | 2025-06-10 | 6.1 Medium |
| The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-6536 | 2 Dylanjames, Dylanjkotze | 2 Zephyr Project Manager, Zephyr Project Manager | 2025-06-10 | 5.4 Medium |
| The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-4217 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-06-10 | 4.7 Medium |
| The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks. | ||||
| CVE-2024-0974 | 1 Bmwebproperties | 1 Social Media Widget | 2025-06-10 | 4.8 Medium |
| The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2025-5721 | 1 Razormist | 1 Student Result Management System | 2025-06-10 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-47702 | 1 Oembed Providers Project | 1 Oembed Providers | 2025-06-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS). This issue affects oEmbed Providers: from 0.0.0 before 2.2.2. | ||||
| CVE-2025-47703 | 1 Cookies Consent Manager Project | 1 Cookies Coonsent Manager | 2025-06-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14. | ||||
| CVE-2024-30951 | 1 Fudforum | 1 Fudforum | 2025-06-10 | 6.1 Medium |
| FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php. | ||||
| CVE-2024-30950 | 1 Fudforum | 1 Fudforum | 2025-06-10 | 3.5 Low |
| A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php. | ||||
| CVE-2025-47704 | 1 Klaro Cookie & Consent Management Project | 1 Klaro Cookie & Consent Management | 2025-06-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS). This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5. | ||||
| CVE-2025-47705 | 1 Iframe Remove Filter Project | 1 Iframe Remove Filter | 2025-06-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS). This issue affects IFrame Remove Filter: from 0.0.0 before 2.0.5. | ||||
| CVE-2025-46173 | 1 Code-projects | 1 Online Exam Mastering System | 2025-06-10 | 6.1 Medium |
| code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form. | ||||