Total
35904 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33231 | 1 Easyvista | 1 Service Manager | 2025-05-08 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. | ||||
| CVE-2016-5512 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521. | ||||
| CVE-2018-8032 | 3 Apache, Debian, Oracle | 38 Axis, Debian Linux, Agile Engineering Data Management and 35 more | 2025-05-08 | 6.1 Medium |
| Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | ||||
| CVE-2022-3339 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-05-08 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. | ||||
| CVE-2023-4479 | 1 M-files | 1 M-files | 2025-05-08 | 7.3 High |
| Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. | ||||
| CVE-2024-1746 | 1 Radiustheme | 1 Testimonial Slider And Showcase | 2025-05-08 | 5.4 Medium |
| The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-1660 | 1 Wpdarko | 1 Top Bar | 2025-05-08 | 4.8 Medium |
| The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-2444 | 1 Data443 | 1 Inline Related Posts | 2025-05-08 | 4.8 Medium |
| The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-3752 | 1 Crelly Slider Project | 1 Crelly Slider | 2025-05-08 | 5.4 Medium |
| The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-0904 | 1 Radykal | 1 Fancy Product Designer | 2025-05-08 | 5.9 Medium |
| The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3692 | 1 Jegstudio | 1 Gutenverse | 2025-05-08 | 6.1 Medium |
| The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-3637 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2025-05-08 | 6.1 Medium |
| The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2025-47488 | 2025-05-08 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows DOM-Based XSS. This issue affects Bold Page Builder: from n/a through 5.3.2. | ||||
| CVE-2025-47489 | 2025-05-08 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markkinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.29. | ||||
| CVE-2025-47607 | 2025-05-08 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AppJetty Show All Comments allows Stored XSS. This issue affects Show All Comments: from n/a through 7.0.1. | ||||
| CVE-2025-29746 | 2025-05-08 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components | ||||
| CVE-2024-25225 | 1 Code-projects | 1 Simple Admin Panel | 2025-05-08 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | ||||
| CVE-2022-42200 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | 5.4 Medium |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List. | ||||
| CVE-2022-41358 | 1 Garage Management System Project | 1 Garage Management System | 2025-05-08 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. | ||||
| CVE-2025-47482 | 2025-05-08 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar allows Stored XSS. This issue affects SKT Skill Bar: from n/a through 2.4. | ||||