Total: 35501 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-25964 | 1 Janeczku | 1 Calibre-web | 2025-04-30 | 5.4 Medium |
The “Calibre-web” application, v0.6.0 to v0.6.12, is vulnerable to Stored XSS in “Metadata”. An attacker who has access to edit the metadata information can inject a JavaScript payload in the description field. When a victim tries to open the file, the XSS will be triggered. | ||||
CVE-2025-46233 | 1 Sirv | 1 Sirv | 2025-04-30 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. This issue affects Sirv: from n/a through 7.5.3. | ||||
CVE-2024-52944 | 1 Veritas | 1 Enterprise Vault | 2025-04-30 | 5.4 Medium |
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | ||||
CVE-2024-52943 | 1 Veritas | 1 Enterprise Vault | 2025-04-30 | 5.4 Medium |
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | ||||
CVE-2024-52942 | 1 Veritas | 1 Enterprise Vault | 2025-04-30 | 5.4 Medium |
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | ||||
CVE-2025-46235 | 1 Sktthemes | 1 Skt Blocks | 2025-04-30 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 2.0. | ||||
CVE-2025-46236 | 1 Ibericode | 1 Html Forms | 2025-04-30 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2. | ||||
CVE-2022-45401 | 1 Jenkins | 1 Associated Files | 2025-04-30 | 5.4 Medium |
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
CVE-2022-44073 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | 5.4 Medium |
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg, Users & Contacts. | ||||
CVE-2022-44071 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | 5.4 Medium |
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via profile. | ||||
CVE-2022-44070 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | 5.4 Medium |
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles. | ||||
CVE-2022-44069 | 1 Tribalsystems | 1 Zenario | 2025-04-30 | 5.4 Medium |
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module. | ||||
CVE-2022-44002 | 1 Backclick | 1 Backclick | 2025-04-30 | 6.1 Medium |
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations. | ||||
CVE-2022-43692 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | 6.1 Medium |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS: a user can cause an administrator to trigger reflected XSS with a URL if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
CVE-2022-43342 | 1 Eramba | 1 Eramba | 2025-04-30 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. | ||||
CVE-2022-43263 | 1 Guitar-pro | 1 Guitar Pro | 2025-04-30 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file. | ||||
CVE-2022-42960 | 1 Equalweb | 1 Equalweb Accessibility Widget | 2025-04-30 | 5.4 Medium |
EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js. | ||||
CVE-2022-3631 | 1 Digitialpixies | 1 Oauth Client | 2025-04-30 | 4.8 Medium |
The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). | ||||
CVE-2022-3578 | 1 Metagauss | 1 Profilegrid | 2025-04-30 | 6.1 Medium |
The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
CVE-2022-3539 | 1 Themepoints | 2 Testimonials, Testimonials Pro | 2025-04-30 | 4.8 Medium |
The Testimonials WordPress plugin before 2.7 and the super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape their settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |