Total: 45030 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22549 | 1 Flycms Project | 1 Flycms | 2025-06-20 | 5.4 Medium |
| FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | ||||
| CVE-2024-0606 | 1 Mozilla | 1 Firefox Focus | 2025-06-20 | 6.1 Medium |
| An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122. | ||||
| CVE-2023-52330 | 1 Trendmicro | 1 Apex One | 2025-06-20 | 6.1 Medium |
| A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | ||||
| CVE-2023-51946 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2025-06-20 | 6.1 Medium |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2023-41176 | 1 Trendmicro | 1 Mobile Security | 2025-06-20 | 6.1 Medium |
| Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | ||||
| CVE-2024-31651 | 1 Oretnom23 | 1 Cosmetics And Beauty Product Online Store | 2025-06-20 | 6.1 Medium |
| A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. | ||||
| CVE-2024-55224 | 1 Dani-garcia | 1 Vaultwarden | 2025-06-20 | 9.6 Critical |
| An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message. | ||||
| CVE-2024-37776 | 1 Sunbirddcim | 1 Dctrack | 2025-06-20 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens. | ||||
| CVE-2024-22714 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-06-20 | 6.1 Medium |
| Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content. | ||||
| CVE-2024-0233 | 1 Myeventon | 1 Eventon | 2025-06-20 | 6.1 Medium |
| The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-7084 | 1 Davidjmiller | 1 Voting Record | 2025-06-20 | 5.4 Medium |
| The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber, to perform Stored XSS attacks. | ||||
| CVE-2023-6005 | 1 Myeventon | 1 Eventon | 2025-06-20 | 4.8 Medium |
| The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-51807 | 1 Ofcms Project | 1 Ofcms | 2025-06-20 | 5.4 Medium |
| Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component. | ||||
| CVE-2023-48104 | 1 Alinto | 1 Sogo | 2025-06-20 | 6.1 Medium |
| Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. | ||||
| CVE-2025-21616 | 1 Plane | 1 Plane | 2025-06-20 | 5.4 Medium |
| Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image. | ||||
| CVE-2024-50659 | 1 Ipublishmedia | 1 Adportal | 2025-06-20 | 6.1 Medium |
| Cross Site Scripting vulnerability in iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html. | ||||
| CVE-2024-23174 | 1 Mediawiki | 1 Mediawiki | 2025-06-20 | 5.4 Medium |
| An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message. | ||||
| CVE-2024-23171 | 1 Mediawiki | 1 Mediawiki | 2025-06-20 | 5.4 Medium |
| An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n). | ||||
| CVE-2023-6941 | 1 Keap | 1 Official Opt-in Forms | 2025-06-20 | 4.8 Medium |
| The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | ||||
| CVE-2023-51064 | 1 Qstar | 1 Archive Storage Manager | 2025-06-20 | 6.1 Medium |
| QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table. | ||||