Total
365 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25363 | 1 Thepluginpeople | 1 Enterprise Mail Handler | 2025-04-03 | 6.5 Medium |
| An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary Javascript in context of a user's browser via injecting a crafted payload into the HTML field of a template. | ||||
| CVE-2006-0149 | 1 Simpbook | 1 Simpbook | 2025-04-03 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field. | ||||
| CVE-2024-31062 | 1 Munyweki | 1 Insurance Management System | 2025-04-03 | 6.3 Medium |
| Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. | ||||
| CVE-2024-25873 | 1 Enhavo | 1 Enhavo | 2025-04-02 | 5.4 Medium |
| Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | ||||
| CVE-2025-30210 | 2025-04-02 | N/A | ||
| Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content Security Policy restrictions, allowed any valid HTML text containing inline script to get executed on hovering over the respective Environment's name. This vulnerability's attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user—specifically, downloading and opening an externally provided malicious Bruno or Postman collection export and the user hovers on the environment name. This vulnerability is fixed in 1.39.1. | ||||
| CVE-2025-29431 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-04-02 | 3.2 Low |
| Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters. | ||||
| CVE-2025-29426 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-04-02 | 4.6 Medium |
| Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/class.php via the id and cys parameters. | ||||
| CVE-2025-31604 | 2025-04-01 | 6.5 Medium | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Cal.com Cal.com allows Stored XSS. This issue affects Cal.com: from n/a through 1.0.0. | ||||
| CVE-2025-31575 | 2025-04-01 | 5.9 Medium | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons allows Stored XSS. This issue affects Flag Icons: from n/a through 2.2. | ||||
| CVE-2025-30161 | 2025-04-01 | N/A | ||
| OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3. | ||||
| CVE-2025-28015 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-28 | 5.3 Medium |
| A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters. | ||||
| CVE-2025-29427 | 1 Fabianros | 1 Online Class And Exam Scheduling System | 2025-03-28 | 5.9 Medium |
| Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in profile.php via the member_first and member_last parameters. | ||||
| CVE-2025-31075 | 2025-03-28 | 6.5 Medium | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments allows Stored XSS. This issue affects MicroPayments: from n/a through 2.9.29. | ||||
| CVE-2025-31465 | 2025-03-28 | 6.5 Medium | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in cornershop Better Section Navigation Widget allows Stored XSS. This issue affects Better Section Navigation Widget: from n/a through 1.6.1. | ||||
| CVE-2025-22501 | 2025-03-28 | 7.1 High | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City allows Reflected XSS. This issue affects Improve My City: from n/a through 1.6. | ||||
| CVE-2024-13497 | 1 Tripetto | 1 Tripetto | 2025-03-28 | 7.2 High |
| The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file. | ||||
| CVE-2025-1997 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-03-27 | 5.4 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | ||||
| CVE-2024-26282 | 1 Mozilla | 1 Firefox | 2025-03-27 | 7.1 High |
| Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123. | ||||
| CVE-2025-29430 | 1 Fabianros | 1 Online Class And Exam Scheduling System | 2025-03-25 | 4.1 Medium |
| Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/room.php via the id and rome parameters. | ||||
| CVE-2024-2868 | 1 Hasthemes | 1 Shoplentor | 2025-03-24 | 6.4 Medium |
| The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||