Total
38585 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5055 | 2025-05-28 | 4.4 Medium | ||
| The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-4223 | 2025-05-28 | 4.7 Medium | ||
| The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. A valid username/password pair needs to be supplied in order to be successfully exploited and any injected scripts will only execute in the context of that authenticated user. | ||||
| CVE-2024-51320 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-05-28 | 5.4 Medium |
| Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components | ||||
| CVE-2025-25747 | 1 Digitaldruid | 1 Hoteldruid | 2025-05-28 | 5.4 Medium |
| Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint | ||||
| CVE-2025-44184 | 1 Mayurik | 1 Best Employee Management System | 2025-05-28 | 4.8 Medium |
| SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters. | ||||
| CVE-2025-44180 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-05-28 | 6.1 Medium |
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit-brand.php?bid={brandId}. | ||||
| CVE-2025-44181 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-05-28 | 6.1 Medium |
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/add-brand.php via the brandname parameter. | ||||
| CVE-2025-44182 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-05-28 | 6.1 Medium |
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber' in the /admin/edit-vehicle.php component. This allows attackers to execute arbitrary code. | ||||
| CVE-2025-44183 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-05-28 | 6.1 Medium |
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the name, email, and mobile parameters. | ||||
| CVE-2019-11843 | 1 Automattic | 1 Mailpoet | 2025-05-28 | 6.1 Medium |
| The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS). | ||||
| CVE-2025-4744 | 1 Fabian | 1 Employee Record System | 2025-05-28 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Affected by this issue is some unknown functionality of the file dashboard\edit_employee.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-7228 | 1 Evanliewer | 1 Illi Link Party\! | 2025-05-28 | 6.1 Medium |
| The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters, which could allow unauthenticated vistors to perform Cross-Site Scripting attacks. | ||||
| CVE-2022-40029 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-05-28 | 4.8 Medium |
| SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | ||||
| CVE-2022-40028 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-05-28 | 4.8 Medium |
| SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter. | ||||
| CVE-2022-40027 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-05-28 | 6.1 Medium |
| SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | ||||
| CVE-2022-30578 | 1 Tibco | 1 Ebx Add-ons | 2025-05-28 | 8 High |
| The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below. | ||||
| CVE-2019-25093 | 1 Recent Threads On Index Project | 1 Recent Threads On Index | 2025-05-28 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability. | ||||
| CVE-2012-10002 | 1 Rivettracker Project | 1 Rivettracker | 2025-05-28 | 3.5 Low |
| A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The patch is named 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267. | ||||
| CVE-2022-4876 | 1 Kaltura | 1 Mwembed | 2025-05-28 | 3.5 Low |
| A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The patch is named 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427. | ||||
| CVE-2020-36644 | 1 Inline Svg Project | 1 Inline Svg | 2025-05-28 | 3.5 Low |
| A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.7.2 is able to address this issue. The identifier of the patch is f5363b351508486021f99e083c92068cf2943621. It is recommended to upgrade the affected component. The identifier VDB-217597 was assigned to this vulnerability. | ||||