ReportizFlow
Filtered by vendor
Subscriptions
Total
45086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41224 | 1 Jenkins | 1 Jenkins | 2025-05-28 | 5.4 Medium |
| Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | ||||
| CVE-2025-3513 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | 3.5 Low |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-3514 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | 3.5 Low |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12679 | 1 Prisna | 1 Google Website Translator | 2025-05-28 | 4.8 Medium |
| The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12680 | 1 Prisna | 1 Google Website Translator | 2025-05-28 | 4.8 Medium |
| The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13482 | 1 Icegram | 1 Icegram Engage | 2025-05-28 | 4.8 Medium |
| The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13486 | 1 Icegram | 1 Icegram Engage | 2025-05-28 | 4.8 Medium |
| The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-8703 | 1 Urbanbase | 1 Z-downloads | 2025-05-28 | 6.1 Medium |
| The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs. | ||||
| CVE-2025-0687 | 1 Mynamedia | 1 Spiritual Gifts Survey \(and Optional S.h.a.p.e Survey\) | 2025-05-28 | 6.1 Medium |
| The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | ||||
| CVE-2025-0688 | 1 Mynamedia | 1 Spiritual Gifts Survey \(and Optional S.h.a.p.e Survey\) | 2025-05-28 | 6.1 Medium |
| The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | ||||
| CVE-2025-4745 | 1 Fabian | 1 Employee Record System | 2025-05-28 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3255 | 1 Pimcore | 1 Pimcore | 2025-05-28 | 4.8 Medium |
| If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. | ||||
| CVE-2025-3996 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-28 | 2.4 Low |
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-41240 | 1 Jenkins | 1 Walti | 2025-05-28 | 5.4 Medium |
| Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti. | ||||
| CVE-2022-41239 | 1 Jenkins | 1 Dotci | 2025-05-28 | 5.4 Medium |
| Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-41229 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-05-28 | 5.4 Medium |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2024-51320 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-05-28 | 5.4 Medium |
| Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components | ||||
| CVE-2025-25747 | 1 Digitaldruid | 1 Hoteldruid | 2025-05-28 | 5.4 Medium |
| Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint | ||||
| CVE-2025-44184 | 1 Mayurik | 1 Best Employee Management System | 2025-05-28 | 4.8 Medium |
| SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters. | ||||
| CVE-2025-44180 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-05-28 | 6.1 Medium |
| Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit-brand.php?bid={brandId}. | ||||