Total
36489 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4960 | 1 Wclovers | 1 Wcfm Marketplace | 2025-06-03 | 6.4 Medium |
| The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-49260 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-03 | 6.1 Medium |
| An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255. | ||||
| CVE-2023-49258 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-03 | 6.1 Medium |
| User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter. | ||||
| CVE-2023-41791 | 1 Artica | 1 Pandora Fms | 2025-06-03 | 8.4 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity of some configuration files. This issue affects Pandora FMS: from 700 through 773. | ||||
| CVE-2023-6275 | 1 Totvs | 1 Fluig | 2025-06-03 | 3.5 Low |
| A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.1-231128, 1.8.0-231127 and 1.8.1-231127 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104. | ||||
| CVE-2024-0422 | 1 Codeastro | 1 Pos And Inventory Management System | 2025-06-03 | 3.5 Low |
| A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /new_item of the component New Item Creation Page. The manipulation of the argument new_item leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250441 was assigned to this vulnerability. | ||||
| CVE-2024-0424 | 1 Codeastro | 1 Simple Banking System | 2025-06-03 | 3.5 Low |
| A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250443. | ||||
| CVE-2023-6297 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-06-03 | 4.3 Medium |
| A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123. | ||||
| CVE-2024-0476 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2025-06-03 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability. | ||||
| CVE-2024-0500 | 1 Oretnom23 | 1 House Rental Management System | 2025-06-03 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608. | ||||
| CVE-2024-0504 | 1 Fabianros | 1 Simple Online Hotel Reservation System | 2025-06-03 | 3.5 Low |
| A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250618 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0314 | 1 Fireeye | 1 Central Management | 2025-06-03 | 5.4 Medium |
| XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking. | ||||
| CVE-2024-0317 | 1 Fireeye | 6 Ex 3500, Ex 3500 Firmware, Ex 5500 and 3 more | 2025-06-03 | 5.4 Medium |
| Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details. | ||||
| CVE-2024-0320 | 1 Fireeye | 1 Malware Analysis | 2025-06-03 | 5.4 Medium |
| Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user. | ||||
| CVE-2023-6420 | 1 Aatifaneeq | 1 Voovi | 2025-06-03 | 6.5 Medium |
| A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. | ||||
| CVE-2023-6428 | 1 Bigprof | 1 Online Invoicing System | 2025-06-03 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-46086 | 1 Servit | 1 Affiliate-toolkit | 2025-06-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. | ||||
| CVE-2023-48272 | 1 Wpmaspik | 1 Maspik | 2025-06-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2. | ||||
| CVE-2025-5153 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-06-03 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-48314 | 1 Collaboraoffice | 1 Collabora Online | 2025-06-03 | 7.1 High |
| Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.403. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||