Export limit exceeded: 349896 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45871 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6397 | 1 Ankara Hosting Website Design | 1 Website Software | 2026-04-15 | 8.6 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Website Software: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-51419 | 1 Shenzhen Interconnection Harbor Network Technology | 1 Ofweek Online Exhibition | 2026-04-15 | 6.1 Medium |
| Cross Site Scripting vulnerability in Shenzhen Interconnection Harbor Network Technology Co., Ltd Ofweek Online Exhibition v.1.0.0 allows a remote attacker to execute arbitrary code. | ||||
| CVE-2024-51430 | 1 Sourcecodester | 1 Online Diagnostic Lab Management System | 2026-04-15 | 6.4 Medium |
| Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component. | ||||
| CVE-2024-51434 | 1 Froala | 1 Wysiwyg Editon | 2026-04-15 | 6.1 Medium |
| Inconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier. | ||||
| CVE-2025-53543 | 2026-04-15 | 4.2 Medium | ||
| Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0. | ||||
| CVE-2025-9227 | 1 Zohocorp | 1 Manageengine Opmanager | 2026-04-15 | 6.5 Medium |
| Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor. | ||||
| CVE-2025-9226 | 1 Zohocorp | 3 Manageengine Netflow Analyzer, Manageengine Opmanager, Manageengine Oputils | 2026-04-15 | 4.6 Medium |
| Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. | ||||
| CVE-2025-9225 | 1 Mobile-industrial-robots | 5 Mir100, Mir1000, Mir200 and 2 more | 2026-04-15 | 5.5 Medium |
| Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser | ||||
| CVE-2025-29526 | 2026-04-15 | 6.1 Medium | ||
| A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload into the SearchTerm parameter. | ||||
| CVE-2024-52283 | 2026-04-15 | 5.7 Medium | ||
| Missing sanitation of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users that view a certain project | ||||
| CVE-2025-4987 | 2026-04-15 | 8.7 High | ||
| A stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2025-30092 | 2026-04-15 | 6.1 Medium | ||
| Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in multiple Velocity scripts. | ||||
| CVE-2025-30090 | 1 Squirrelmail | 1 Squirrelmail | 2026-04-15 | 7.2 High |
| mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true. | ||||
| CVE-2025-30123 | 2026-04-15 | 9.8 Critical | ||
| An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device. | ||||
| CVE-2025-30122 | 2026-04-15 | 9.8 Critical | ||
| An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices. | ||||
| CVE-2025-4666 | 2026-04-15 | 6.4 Medium | ||
| The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-3020 | 2026-04-15 | 5.4 Medium | ||
| An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact. | ||||
| CVE-2024-52387 | 2 Liton Arefin, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.4. | ||||
| CVE-2025-30900 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0. | ||||
| CVE-2021-23282 | 2026-04-15 | 5.2 Medium | ||
| Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system | ||||