Filtered by CWE-79
Total 37603 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-13209 1 Redaxo 1 Redaxo 2025-06-24 2.4 Low
A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-42898 1 Nagios 1 Nagios Xi 2025-06-24 5.4 Medium
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page.
CVE-2024-55226 1 Dani-garcia 1 Vaultwarden 2025-06-24 5.4 Medium
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs.
CVE-2025-50048 2025-06-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9.
CVE-2025-50047 2025-06-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.9.
CVE-2025-50046 2025-06-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.
CVE-2025-50045 2025-06-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Related Products Manager for WooCommerce allows DOM-Based XSS. This issue affects Related Products Manager for WooCommerce: from n/a through 1.6.2.
CVE-2025-50043 2025-06-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Code Engine allows Stored XSS. This issue affects Code Engine: from n/a through 0.3.2.
CVE-2025-50026 2025-06-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki allows Stored XSS. This issue affects Spoki: from n/a through 2.16.0.
CVE-2025-50025 2025-06-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls allows Stored XSS. This issue affects CP Polls: from n/a through 1.0.81.
CVE-2025-50024 2025-06-24 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Truong Thanh ATP Call Now allows Stored XSS. This issue affects ATP Call Now: from n/a through 1.0.3.
CVE-2024-51379 1 Jatos 1 Jatos 2025-06-24 8.4 High
Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the description, potentially leading to account takeover and unauthorized actions.
CVE-2024-51380 1 Jatos 1 Jatos 2025-06-24 8.4 High
Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the injected script is executed in the admin's browser, which could lead to unauthorized actions, including account compromise and privilege escalation.
CVE-2023-1932 2 Hibernate, Redhat 24 Hibernate-validator, A Mq Clients, Amq Broker and 21 more 2025-06-24 6.1 Medium
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
CVE-2025-46096 2 Noear, Solon 2 Solon, Solon 2025-06-24 6.1 Medium
Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component
CVE-2025-39407 1 Caseproof 1 Memberpress 2025-06-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a before 1.12.0.
CVE-2025-39448 1 Crocoblock 1 Jetelements For Elementor 2025-06-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS.This issue affects JetElements For Elementor: from n/a through 2.7.4.1.
CVE-2025-48237 1 Wpfactory 1 Wishlist For Woocommerce 2025-06-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 3.2.2.
CVE-2025-48249 1 Wpfactory 1 Ean For Woocommerce 2025-06-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EAN for WooCommerce allows Stored XSS. This issue affects EAN for WooCommerce: from n/a through 5.4.6.
CVE-2025-48266 1 Realmag777 1 Active Products Tables For Woocommerce 2025-06-24 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce allows Stored XSS. This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.8.