Total
37432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40284 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 8.3 High |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2024-28635 | 1 Devsoftbaltic | 1 Survey-creator | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | ||||
| CVE-2023-40285 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 6.5 Medium |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2024-24574 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-06-17 | 6.5 Medium |
| phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. | ||||
| CVE-2024-25167 | 1 Markerhub | 1 Eblog | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. | ||||
| CVE-2024-27626 | 1 Dotclear | 1 Dotclear | 2025-06-17 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. | ||||
| CVE-2025-32920 | 2025-06-17 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0. | ||||
| CVE-2025-3902 | 1 Four Kitchens | 1 Block Class | 2025-06-17 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1. | ||||
| CVE-2025-45236 | 1 86dbs | 1 Dbsyncer | 2025-06-16 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter. | ||||
| CVE-2025-29573 | 1 Jupo | 1 Mezzanine | 2025-06-16 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. | ||||
| CVE-2021-43584 | 1 Nagios | 1 Nagios Cross Platform Agent | 2025-06-16 | 4.8 Medium |
| DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. | ||||
| CVE-2025-29602 | 1 Flatpress | 1 Flatpress | 2025-06-16 | 6.1 Medium |
| flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories. | ||||
| CVE-2025-29746 | 1 Benjaminjonard | 1 Koillection | 2025-06-16 | 6.1 Medium |
| Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components | ||||
| CVE-2024-25712 | 1 Http-swagger Project | 1 Http-swagger | 2025-06-16 | 6.1 Medium |
| http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files. | ||||
| CVE-2023-51246 | 1 Get-simple | 1 Getsimplecms | 2025-06-16 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. | ||||
| CVE-2023-51072 | 1 Nagios | 1 Nagios Xi | 2025-06-16 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. | ||||
| CVE-2023-51067 | 1 Qstar | 1 Archive Storage Manager | 2025-06-16 | 6.1 Medium |
| An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. | ||||
| CVE-2023-31506 | 1 Getgrav | 1 Grav | 2025-06-16 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | ||||
| CVE-2023-51328 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-06-16 | 5.4 Medium |
| PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. | ||||
| CVE-2025-28073 | 1 Phplist | 1 Phplist | 2025-06-16 | 6.1 Medium |
| phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized. | ||||