ReportizFlow
Filtered by vendor
Subscriptions
Total
44773 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30754 | 1 Wpfoxly | 1 Adfoxly | 2026-02-25 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt plugin <= 1.8.5 versions. | ||||
| CVE-2015-9354 | 1 Tri | 1 Gigpress | 2026-02-25 | 4.8 Medium |
| The gigpress plugin before 2.3.11 for WordPress has XSS. | ||||
| CVE-2024-22128 | 2 Sap, Sap Se | 2 Netweaver Business Client For Html, Sap Netweaver Business Client For Html | 2026-02-25 | 4.7 Medium |
| SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation. | ||||
| CVE-2021-23125 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views cause lead to XSS attack vectors. | ||||
| CVE-2022-27910 | 1 Joomlatools | 1 Docman | 2026-02-25 | 6.1 Medium |
| In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most versions below)' are affected to an reflected Cross-Site Scripting (XSS) in an image upload function | ||||
| CVE-2022-23800 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. | ||||
| CVE-2021-26035 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability. | ||||
| CVE-2021-23129 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues. | ||||
| CVE-2022-23801 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. | ||||
| CVE-2021-26032 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. | ||||
| CVE-2021-23130 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues. | ||||
| CVE-2021-23124 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks. | ||||
| CVE-2022-23796 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. | ||||
| CVE-2021-26039 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability. | ||||
| CVE-2021-26030 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page | ||||
| CVE-2025-13523 | 1 Mattermost | 1 Confluence | 2026-02-25 | 7.7 High |
| Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557 | ||||
| CVE-2022-3194 | 1 Dokan | 1 Dokan | 2026-02-24 | 5.4 Medium |
| The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. | ||||
| CVE-2025-62326 | 1 Hcltech | 1 Digital Experience | 2026-02-24 | 6.1 Medium |
| HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit. | ||||
| CVE-2022-22529 | 1 Sap | 1 Enterprise Threat Detection | 2026-02-24 | 6.1 Medium |
| SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI. | ||||
| CVE-2025-65027 | 2 Romm.app, Rommapp | 2 Romm, Romm | 2026-02-24 | 7.6 High |
| RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the browser executes embedded JavaScript, leading to stored Cross-Site Scripting (XSS) which when combined with a CSRF misconfiguration they lead to achieve full administrative account takeover, creating a rogue admin account, escalating the attacker account role to admin, and much more. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2. | ||||