Total
35944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2673 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 3.5 Low |
| A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-38832 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.1 High |
| VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | ||||
| CVE-2024-38833 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 6.8 Medium |
| VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | ||||
| CVE-2024-38834 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 6.5 Medium |
| VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | ||||
| CVE-2024-11108 | 1 Cryoutcreations | 1 Serious Slider | 2025-05-14 | 5.4 Medium |
| The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-8968 | 1 Maxfoundry | 1 Maxbuttons | 2025-05-14 | 4.7 Medium |
| The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-42069 | 1 Oretnom23 | 1 Online Birth Certificate Management System | 2025-05-14 | 5.4 Medium |
| Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-42066 | 1 Projectworlds | 1 Online Examination System | 2025-05-14 | 6.1 Medium |
| Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | ||||
| CVE-2022-3149 | 1 Wp Custom Cursors Project | 1 Wp Custom Cursors | 2025-05-14 | 6.1 Medium |
| The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting | ||||
| CVE-2022-3139 | 1 Designextreme | 1 We\'re Open | 2025-05-14 | 4.8 Medium |
| The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-9638 | 1 Zephyrwest | 1 Category Posts Widget | 2025-05-14 | 4.8 Medium |
| The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-45985 | 1 Varunsardana004 | 1 Blood Bank And Donation Management System | 2025-05-14 | 4.7 Medium |
| A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of the update_contact.php | ||||
| CVE-2024-45984 | 1 Varunsardana004 | 1 Blood Bank And Donation Management System | 2025-05-14 | 4.7 Medium |
| A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List is viewed. | ||||
| CVE-2024-10151 | 1 Toolstack | 1 Auto Iframe | 2025-05-14 | 5.4 Medium |
| The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2022-4960 | 1 Favorites-web Project | 1 Favorites-web | 2025-05-14 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250238 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-12585 | 1 Wp-property-hive | 1 Propertyhive | 2025-05-14 | 6.1 Medium |
| The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-10815 | 1 Reneade | 1 Postlists | 2025-05-14 | 4.2 Medium |
| The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
| CVE-2024-12096 | 1 Ulfben | 1 Exhibit To Wp Gallery | 2025-05-14 | 6.1 Medium |
| The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-24225 | 2025-05-14 | 6.5 Medium | ||
| An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing. | ||||
| CVE-2022-42071 | 1 Oretnom23 | 1 Online Birth Certificate Management System | 2025-05-14 | 6.1 Medium |
| Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. | ||||