Total
38585 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0476 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2025-06-03 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability. | ||||
| CVE-2024-0500 | 1 Oretnom23 | 1 House Rental Management System | 2025-06-03 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608. | ||||
| CVE-2024-0504 | 1 Fabianros | 1 Simple Online Hotel Reservation System | 2025-06-03 | 3.5 Low |
| A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250618 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0314 | 1 Fireeye | 1 Central Management | 2025-06-03 | 5.4 Medium |
| XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking. | ||||
| CVE-2024-0317 | 1 Fireeye | 6 Ex 3500, Ex 3500 Firmware, Ex 5500 and 3 more | 2025-06-03 | 5.4 Medium |
| Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details. | ||||
| CVE-2024-0320 | 1 Fireeye | 1 Malware Analysis | 2025-06-03 | 5.4 Medium |
| Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user. | ||||
| CVE-2023-6420 | 1 Aatifaneeq | 1 Voovi | 2025-06-03 | 6.5 Medium |
| A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. | ||||
| CVE-2023-6428 | 1 Bigprof | 1 Online Invoicing System | 2025-06-03 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-46086 | 1 Servit | 1 Affiliate-toolkit | 2025-06-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. | ||||
| CVE-2023-48272 | 1 Wpmaspik | 1 Maspik | 2025-06-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2. | ||||
| CVE-2025-5153 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-06-03 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-48314 | 1 Collaboraoffice | 1 Collabora Online | 2025-06-03 | 7.1 High |
| Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-4957 | 1 Librespeed | 1 Speedtest | 2025-06-03 | 3.5 Low |
| A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. Upgrading to version 5.2.5 is able to address this issue. The patch is named a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-246643. | ||||
| CVE-2024-23782 | 1 Appleple | 1 A-blog Cms | 2025-06-02 | 5.4 Medium |
| Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product. | ||||
| CVE-2025-31682 | 1 Google Tag Project | 1 Google Tag | 2025-06-02 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS).This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8. | ||||
| CVE-2023-7200 | 1 Myeventon | 1 Eventon | 2025-06-02 | 6.1 Medium |
| The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-41513 | 2 4pace, Cadclick | 2 Cadclick, Cadclick | 2025-06-02 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter. | ||||
| CVE-2024-41514 | 2 4pace, Cadclick | 2 Cadclick, Cadclick | 2025-06-02 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter. | ||||
| CVE-2024-41515 | 2 4pace, Cadclick | 2 Cadclick, Cadclick | 2025-06-02 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter. | ||||
| CVE-2024-41516 | 2 4pace, Cadclick | 2 Cadclick, Cadclick | 2025-06-02 | 5.4 Medium |
| A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter. | ||||