Total
37599 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4415 | 1 Matomo | 1 Piwik Pro | 2025-06-25 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2. | ||||
| CVE-2023-39515 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-06-25 | 6.1 Medium |
| Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | ||||
| CVE-2025-48206 | 1 Nitsan | 1 Ns-backup | 2025-06-25 | 6.1 Medium |
| The ns_backup extension through 13.0.0 for TYPO3 allows XSS. | ||||
| CVE-2025-45754 | 1 Seeddms | 1 Seeddms | 2025-06-25 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name. | ||||
| CVE-2023-4870 | 1 Contact Manager App Project | 1 Contact Manager App | 2025-06-25 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Contact Manager App 1.0. This affects an unknown part of the file index.php of the component Contact Information Handler. The manipulation of the argument contactID with the input "><sCrIpT>alert(1)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239355. | ||||
| CVE-2025-45880 | 1 Miliaris | 1 Amygdala | 2025-06-24 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. | ||||
| CVE-2025-45878 | 1 Miliaris | 1 Amygdala | 2025-06-24 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. | ||||
| CVE-2024-11694 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-06-24 | 6.1 Medium |
| Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18. | ||||
| CVE-2024-50637 | 2 Unopim, Webkul | 2 Unopim, Unopim | 2025-06-24 | 5.4 Medium |
| UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies. | ||||
| CVE-2023-2142 | 1 Mozilla | 1 Nunjucks | 2025-06-24 | 6.1 Medium |
| In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash \ character. | ||||
| CVE-2025-3643 | 1 Moodle | 1 Moodle | 2025-06-24 | 5.4 Medium |
| A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk. | ||||
| CVE-2025-6126 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-06-24 | 4.3 Medium |
| A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /contact.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-6125 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-06-24 | 2.4 Low |
| A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagedes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6127 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-06-24 | 3.5 Low |
| A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search-report.php. The manipulation of the argument serachdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-29280 | 1 Perfree | 1 Perfreeblog | 2025-06-24 | 4.8 Medium |
| Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code. | ||||
| CVE-2024-9699 | 1 Flatpress | 1 Flatpress | 2025-06-24 | 5.4 Medium |
| A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. The issue is fixed in version 1.4.dev. | ||||
| CVE-2024-13209 | 1 Redaxo | 1 Redaxo | 2025-06-24 | 2.4 Low |
| A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42898 | 1 Nagios | 1 Nagios Xi | 2025-06-24 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. | ||||
| CVE-2024-55226 | 1 Dani-garcia | 1 Vaultwarden | 2025-06-24 | 5.4 Medium |
| Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs. | ||||
| CVE-2025-50048 | 2025-06-24 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9. | ||||