Total: 45092 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12586 | 1 Alpium | 1 Chalet-montagne.com Tools | 2025-05-23 | 6.1 Medium |
| The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13626 | 1 Vruiz | 1 Vr-frases | 2025-05-23 | 7.1 High |
| The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13627 | 1 Wp-buy | 1 Owl Carousel Slider | 2025-05-23 | 4.7 Medium |
| The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13492 | 1 Wordquest | 1 Guten Free Options | 2025-05-23 | 6.1 Medium |
| The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-55416 | 1 Thecontrolgroup | 1 Voyager | 2025-05-23 | 3.5 Low |
| DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary JavaScript can be executed. | ||||
| CVE-2024-13100 | 1 Ashamil | 1 Opsi Israel Domestic Shipments | 2025-05-23 | 6.1 Medium |
| The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12872 | 1 Honzaskypala | 1 Zalomeni | 2025-05-23 | 4.8 Medium |
| The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-25166 | 1 Xiaocheng-keji | 1 71cms | 2025-05-23 | 6.1 Medium |
| Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. | ||||
| CVE-2024-25841 | 1 Common-services | 1 So Flexibilite | 2025-05-23 | 5.9 Medium |
| In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection. | ||||
| CVE-2024-48761 | 1 Celk | 1 Celk Saude | 2025-05-23 | 8.8 High |
| Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter. | ||||
| CVE-2024-51182 | 1 Celk | 1 Celk Saude | 2025-05-23 | 6.1 Medium |
| HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter. | ||||
| CVE-2024-43687 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2025-05-23 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | ||||
| CVE-2024-28662 | 1 Piwigo | 1 Piwigo | 2025-05-23 | 5.4 Medium |
| A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php. | ||||
| CVE-2025-0790 | 1 Esafenet | 1 Cdg | 2025-05-23 | 3.5 Low |
| A vulnerability classified as problematic was found in ESAFENET CDG V5. This vulnerability affects unknown code of the file /doneDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4461 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-23 | 2.4 Low |
| A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4460 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-23 | 2.4 Low |
| A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-6371 | 1 Gitlab | 1 Gitlab | 2025-05-23 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. | ||||
| CVE-2022-40358 | 1 Ajaxplorer | 1 Ajaxplorer | 2025-05-22 | 5.4 Medium |
| An issue was discovered in AjaXplorer 4.2.3 that allows attackers to cause cross site scripting vulnerabilities via a crafted SVG file upload. | ||||
| CVE-2022-35721 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2025-05-22 | 5.4 Medium |
| IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380. | ||||
| CVE-2022-35251 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 5.4 Medium |
| A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window: an adversary is able not only to manipulate its style, but also to block functionality and hijack the content of targeted users. Because the payloads are stored in messages, it is a persistent attack vector, which triggers as soon as the message is viewed. | ||||