Total
37358 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34469 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | 7.1 High |
| Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. | ||||
| CVE-2024-29273 | 1 Dzzoffice | 1 Dzzoffice | 2025-06-17 | 6.1 Medium |
| There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. | ||||
| CVE-2024-0688 | 1 Pubsubhubbub | 1 Websub | 2025-06-17 | 4.4 Medium |
| The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-21572 | 1 Oracle | 1 Opengrok | 2025-06-17 | 6.1 Medium |
| OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output. | ||||
| CVE-2024-24115 | 1 Cotonti | 1 Siena | 2025-06-17 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-51790 | 1 Piwigo | 1 Piwigo | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. | ||||
| CVE-2025-5010 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | 2.4 Low |
| A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5011 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | 2.4 Low |
| A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5013 | 1 Hkcms | 1 Hkcms | 2025-06-17 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-40284 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 8.3 High |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2024-28635 | 1 Devsoftbaltic | 1 Survey-creator | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | ||||
| CVE-2023-40285 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 6.5 Medium |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2024-24574 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-06-17 | 6.5 Medium |
| phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. | ||||
| CVE-2024-25167 | 1 Markerhub | 1 Eblog | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. | ||||
| CVE-2024-27626 | 1 Dotclear | 1 Dotclear | 2025-06-17 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. | ||||
| CVE-2025-32920 | 2025-06-17 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0. | ||||
| CVE-2025-3902 | 1 Four Kitchens | 1 Block Class | 2025-06-17 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1. | ||||
| CVE-2025-45236 | 1 86dbs | 1 Dbsyncer | 2025-06-16 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter. | ||||
| CVE-2025-29573 | 1 Jupo | 1 Mezzanine | 2025-06-16 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. | ||||
| CVE-2021-43584 | 1 Nagios | 1 Nagios Cross Platform Agent | 2025-06-16 | 4.8 Medium |
| DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. | ||||