Total
37352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52274 | 1 Yzmcms | 1 Yzmcms | 2025-06-17 | 6.1 Medium |
| member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. | ||||
| CVE-2023-52068 | 1 Kodcloud | 1 Kodbox | 2025-06-17 | 6.1 Medium |
| kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs. | ||||
| CVE-2023-50092 | 1 Apiida | 1 Api Gateway Manager | 2025-06-17 | 6.1 Medium |
| APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-49950 | 1 Logpoint | 1 Siem | 2025-06-17 | 5.4 Medium |
| The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. | ||||
| CVE-2023-49101 | 1 Axigen | 1 Axigen Mobile Webmail | 2025-06-17 | 6.1 Medium |
| WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates. | ||||
| CVE-2023-48974 | 1 Axigen | 1 Axigen Mail Server | 2025-06-17 | 9.6 Critical |
| Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | ||||
| CVE-2023-41619 | 1 Emlog | 1 Emlog | 2025-06-17 | 6.1 Medium |
| Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. | ||||
| CVE-2023-6161 | 1 Themeum | 1 Wp Crowdfunding | 2025-06-17 | 6.1 Medium |
| The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-36236 | 1 Webkul | 1 Bagisto | 2025-06-17 | 4.8 Medium |
| Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad. | ||||
| CVE-2023-25365 | 1 Octobercms | 1 October | 2025-06-17 | 7.8 High |
| Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | ||||
| CVE-2023-25295 | 1 Gruen | 1 Evewa3 | 2025-06-17 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel. | ||||
| CVE-2024-33791 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function. | ||||
| CVE-2024-34467 | 1 Thinkphp | 1 Thinkphp | 2025-06-17 | 6.1 Medium |
| ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl. | ||||
| CVE-2024-34468 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | 6.1 Medium |
| Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. | ||||
| CVE-2024-34469 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | 7.1 High |
| Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. | ||||
| CVE-2024-29273 | 1 Dzzoffice | 1 Dzzoffice | 2025-06-17 | 6.1 Medium |
| There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. | ||||
| CVE-2024-0688 | 1 Pubsubhubbub | 1 Websub | 2025-06-17 | 4.4 Medium |
| The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-21572 | 1 Oracle | 1 Opengrok | 2025-06-17 | 6.1 Medium |
| OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output. | ||||
| CVE-2024-24115 | 1 Cotonti | 1 Siena | 2025-06-17 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-51790 | 1 Piwigo | 1 Piwigo | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. | ||||