Total
36248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1955 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-05-21 | 3.5 Low |
| A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48246 | 1 Sourcecodester | 1 Vehicle Management System | 2025-05-21 | 5.4 Medium |
| Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php. | ||||
| CVE-2024-13868 | 1 Tahminajannat | 1 Url Shortener \| Conversion Tracking \| Ab Testing \| Woocommerce | 2025-05-21 | 6.1 Medium |
| The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2022-38335 | 1 Vtiger | 1 Vtiger Crm | 2025-05-21 | 5.4 Medium |
| Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. | ||||
| CVE-2022-37028 | 1 Iris | 1 Isams | 2025-05-21 | 5.4 Medium |
| ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application. | ||||
| CVE-2025-26091 | 1 Teampasswordmanager | 1 Team Password Manager | 2025-05-21 | 4.6 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'name' parameter when creating a new password in the "My Passwords" page. | ||||
| CVE-2022-39035 | 1 Lcnet | 1 Smart Evision | 2025-05-21 | 6.1 Medium |
| Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | ||||
| CVE-2023-6366 | 1 Progress | 1 Whatsup Gold | 2025-05-21 | 7.6 High |
| In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. | ||||
| CVE-2023-48770 | 1 Uxdev | 1 Aparat | 2025-05-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1. | ||||
| CVE-2023-48506 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2023-48484 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2023-48495 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2023-48442 | 1 Adobe | 1 Experience Manager | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2023-48548 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2022-39053 | 1 Heimavista | 1 Dark Horse Rpage | 2025-05-21 | 6.1 Medium |
| Heimavista Rpage has insufficient filtering for platform web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | ||||
| CVE-2023-48463 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2022-39054 | 1 Cowell Enterprise Travel Management System Project | 1 Cowell Enterprise Travel Management System | 2025-05-21 | 6.1 Medium |
| Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | ||||
| CVE-2023-48516 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2023-48570 | 1 Adobe | 1 Experience Manager | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2023-48474 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||