Total
37603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-13209 | 1 Redaxo | 1 Redaxo | 2025-06-24 | 2.4 Low |
A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-42898 | 1 Nagios | 1 Nagios Xi | 2025-06-24 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. | ||||
CVE-2024-55226 | 1 Dani-garcia | 1 Vaultwarden | 2025-06-24 | 5.4 Medium |
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs. | ||||
CVE-2025-50048 | 2025-06-24 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9. | ||||
CVE-2025-50047 | 2025-06-24 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.9. | ||||
CVE-2025-50046 | 2025-06-24 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5. | ||||
CVE-2025-50045 | 2025-06-24 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Related Products Manager for WooCommerce allows DOM-Based XSS. This issue affects Related Products Manager for WooCommerce: from n/a through 1.6.2. | ||||
CVE-2025-50043 | 2025-06-24 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Code Engine allows Stored XSS. This issue affects Code Engine: from n/a through 0.3.2. | ||||
CVE-2025-50026 | 2025-06-24 | 5.9 Medium | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki allows Stored XSS. This issue affects Spoki: from n/a through 2.16.0. | ||||
CVE-2025-50025 | 2025-06-24 | 5.9 Medium | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls allows Stored XSS. This issue affects CP Polls: from n/a through 1.0.81. | ||||
CVE-2025-50024 | 2025-06-24 | 5.9 Medium | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Truong Thanh ATP Call Now allows Stored XSS. This issue affects ATP Call Now: from n/a through 1.0.3. | ||||
CVE-2024-51379 | 1 Jatos | 1 Jatos | 2025-06-24 | 8.4 High |
Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the description, potentially leading to account takeover and unauthorized actions. | ||||
CVE-2024-51380 | 1 Jatos | 1 Jatos | 2025-06-24 | 8.4 High |
Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the injected script is executed in the admin's browser, which could lead to unauthorized actions, including account compromise and privilege escalation. | ||||
CVE-2023-1932 | 2 Hibernate, Redhat | 24 Hibernate-validator, A Mq Clients, Amq Broker and 21 more | 2025-06-24 | 6.1 Medium |
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks. | ||||
CVE-2025-46096 | 2 Noear, Solon | 2 Solon, Solon | 2025-06-24 | 6.1 Medium |
Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component | ||||
CVE-2025-39407 | 1 Caseproof | 1 Memberpress | 2025-06-24 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS.This issue affects Memberpress: from n/a before 1.12.0. | ||||
CVE-2025-39448 | 1 Crocoblock | 1 Jetelements For Elementor | 2025-06-24 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS.This issue affects JetElements For Elementor: from n/a through 2.7.4.1. | ||||
CVE-2025-48237 | 1 Wpfactory | 1 Wishlist For Woocommerce | 2025-06-24 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 3.2.2. | ||||
CVE-2025-48249 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-06-24 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EAN for WooCommerce allows Stored XSS. This issue affects EAN for WooCommerce: from n/a through 5.4.6. | ||||
CVE-2025-48266 | 1 Realmag777 | 1 Active Products Tables For Woocommerce | 2025-06-24 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce allows Stored XSS. This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.8. |