Total
41742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28635 | 1 Devsoftbaltic | 1 Survey-creator | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | |||||
| CVE-2023-40285 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | |||||
| CVE-2024-25167 | 1 Markerhub | 1 Eblog | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. | |||||
| CVE-2024-27626 | 1 Dotclear | 1 Dotclear | 2025-06-17 | N/A | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. | |||||
| CVE-2025-32920 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0. | |||||
| CVE-2025-3902 | 1 Four Kitchens | 1 Block Class | 2025-06-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1. | |||||
| CVE-2025-29573 | 1 Jupo | 1 Mezzanine | 2025-06-16 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. | |||||
| CVE-2021-43584 | 1 Nagios | 1 Nagios Cross Platform Agent | 2025-06-16 | N/A | 4.8 MEDIUM |
| DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. | |||||
| CVE-2025-29602 | 1 Flatpress | 1 Flatpress | 2025-06-16 | N/A | 6.1 MEDIUM |
| flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories. | |||||
| CVE-2025-29746 | 1 Benjaminjonard | 1 Koillection | 2025-06-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components | |||||
| CVE-2024-25712 | 1 Http-swagger Project | 1 Http-swagger | 2025-06-16 | N/A | 6.1 MEDIUM |
| http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files. | |||||
| CVE-2023-51246 | 1 Get-simple | 1 Getsimplecms | 2025-06-16 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. | |||||
| CVE-2023-51072 | 1 Nagios | 1 Nagios Xi | 2025-06-16 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. | |||||
| CVE-2023-51067 | 1 Qstar | 1 Archive Storage Manager | 2025-06-16 | N/A | 6.1 MEDIUM |
| An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. | |||||
| CVE-2023-31506 | 1 Getgrav | 1 Grav | 2025-06-16 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | |||||
| CVE-2025-28073 | 1 Phplist | 1 Phplist | 2025-06-16 | N/A | 6.1 MEDIUM |
| phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized. | |||||
| CVE-2025-28074 | 1 Phplist | 1 Phplist | 2025-06-16 | N/A | 6.1 MEDIUM |
| phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript. | |||||
| CVE-2025-27754 | 1 Rsjoomla | 1 Rsform\!blog | 2025-06-16 | N/A | 6.5 MEDIUM |
| A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content. | |||||
| CVE-2023-5485 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-06-16 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-37394 | 1 Vanderbilt | 1 Redcap | 2025-06-16 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious scripts when the dashboard is viewed. Users are recommended to update to version 14.2.1 or later to mitigate this vulnerability. | |||||