Total
41605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25233 | 2025-12-29 | N/A | 5.3 MEDIUM | ||
| AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions. | |||||
| CVE-2019-25244 | 2025-12-29 | N/A | 5.3 MEDIUM | ||
| Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through unvalidated GET parameters. | |||||
| CVE-2025-2406 | 2025-12-29 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Trizbi allows Cross-Site Scripting (XSS).This issue affects Trizbi: before 2.144.4. | |||||
| CVE-2025-2307 | 2025-12-29 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango allows Cross-Site Scripting (XSS).This issue affects Aidango: before 2.144.4. | |||||
| CVE-2025-2405 | 2025-12-29 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Titarus allows Cross-Site Scripting (XSS).This issue affects Titarus: before 2.144.4. | |||||
| CVE-2025-15149 | 2025-12-29 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument productName leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15095 | 2025-12-29 | 4.0 MEDIUM | 3.5 LOW | ||
| A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-15134 | 2025-12-29 | 4.0 MEDIUM | 3.5 LOW | ||
| A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function subreview of the file mooc/controller/MainController.java of the component Submission Handler. Performing manipulation of the argument review results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-64030 | 1 Chinasystems | 1 Eximbills Enterprise | 2025-12-29 | N/A | 5.4 MEDIUM |
| Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript execution in their browsers. | |||||
| CVE-2023-53976 | 1 Mybb | 1 Mybb | 2025-12-27 | N/A | 5.4 MEDIUM |
| myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface, causing arbitrary JavaScript to execute when the template is viewed. | |||||
| CVE-2025-2748 | 1 Kentico | 1 Xperience | 2025-12-27 | N/A | 6.1 MEDIUM |
| The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. | |||||
| CVE-2024-58323 | 1 Kentico | 1 Xperience | 2025-12-27 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder. | |||||
| CVE-2024-58322 | 1 Kentico | 1 Xperience | 2025-12-27 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping options configuration. This could lead to potential theft of sensitive data by executing malicious scripts in users' browsers. | |||||
| CVE-2024-58321 | 1 Kentico | 1 Xperience | 2025-12-27 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers. | |||||
| CVE-2024-58319 | 1 Kentico | 1 Xperience | 2025-12-27 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers. | |||||
| CVE-2024-58318 | 1 Kentico | 1 Xperience | 2025-12-27 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in users' browsers. | |||||
| CVE-2023-53978 | 1 Mybb | 1 Mybb | 2025-12-27 | N/A | 5.4 MEDIUM |
| myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement title field when adding announcements through the 'Forums and Posts' > 'Forum Announcements' interface, causing arbitrary JavaScript to execute when the announcement is displayed on the forum. | |||||
| CVE-2023-53977 | 1 Mybb | 1 Mybb | 2025-12-27 | N/A | 5.4 MEDIUM |
| myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting script payloads in the forum title field when adding new forums through the 'Forums and Posts' > 'Forum Management' interface, causing arbitrary JavaScript to execute when the forum listing is viewed. | |||||
| CVE-2023-53953 | 1 Websitebaker | 1 Websitebaker | 2025-12-27 | N/A | 5.4 MEDIUM |
| WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users. | |||||
| CVE-2023-53932 | 1 S9y | 1 Serendipity | 2025-12-27 | N/A | 5.4 MEDIUM |
| Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post. | |||||