Total
41742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4456 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-06-30 | N/A | 4.1 MEDIUM |
| In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. | |||||
| CVE-2024-2697 | 1 Swiftideas | 1 Swift Framework | 2025-06-30 | N/A | 6.5 MEDIUM |
| The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2024-3634 | 1 Benaceur-php | 1 Month Name Translation Benaceur | 2025-06-30 | N/A | 4.8 MEDIUM |
| The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2019-3578 | 1 Mybb | 1 Mybb | 2025-06-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| MyBB 1.8.19 has XSS in the resetpassword function. | |||||
| CVE-2025-45879 | 1 Miliaris | 1 Amygdala | 2025-06-30 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. | |||||
| CVE-2024-47226 | 1 Netbox | 1 Netbox | 2025-06-30 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties have disputed this as not a vulnerability. It is argued that the configuration revision banner feature is meant to contain unsanitized HTML in order to display notifications to users. Since these fields are intended to display unsanitized HTML, this is working as intended. | |||||
| CVE-2024-56915 | 1 Netbox | 1 Netbox | 2025-06-30 | N/A | 6.5 MEDIUM |
| Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget. | |||||
| CVE-2024-56917 | 1 Netbox | 1 Netbox | 2025-06-30 | N/A | 7.1 HIGH |
| Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode. | |||||
| CVE-2024-56916 | 1 Netbox | 1 Netbox | 2025-06-30 | N/A | 6.1 MEDIUM |
| In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger. | |||||
| CVE-2024-56918 | 1 Netbox | 1 Netbox | 2025-06-30 | N/A | 6.1 MEDIUM |
| In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form. | |||||
| CVE-2024-29217 | 1 Apache | 1 Answer | 2025-06-30 | N/A | 4.6 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. | |||||
| CVE-2024-48648 | 1 Sage | 1 Sage Frp 1000 | 2025-06-27 | N/A | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding. | |||||
| CVE-2024-57326 | 1 Online Pizza Delivery System Project | 1 Online Pizza Delivery System | 2025-06-27 | N/A | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter. | |||||
| CVE-2024-57041 | 1 Nodebb | 1 Nodebb | 2025-06-27 | N/A | 4.6 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile. | |||||
| CVE-2023-24651 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | N/A | 5.4 MEDIUM |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. | |||||
| CVE-2025-6475 | 1 Razormist | 1 Student Result Management System | 2025-06-27 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/manage_students of the component Manage Students Module. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6452 | 1 Codeastro | 1 Patient Record Management System | 2025-06-27 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-50695 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2025-06-27 | N/A | 6.1 MEDIUM |
| PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php. | |||||
| CVE-2018-20977 | 1 Brainstormforce | 1 Schema | 2025-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. | |||||
| CVE-2024-53999 | 1 Opensecurity | 1 Mobile Security Framework | 2025-06-27 | N/A | 8.1 HIGH |
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9. | |||||