Total: 38585 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0083 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-18 | 6.5 Medium |
| NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure. | ||||
| CVE-2025-57538 | 1 Proxmox | 1 Virtual Environment | 2025-09-18 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment (PVE) 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view the affected configuration page. This can lead to arbitrary JavaScript execution. | ||||
| CVE-2025-57539 | 1 Proxmox | 2 Proxmox, Virtual Environment | 2025-09-18 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. The payload is rendered unsafely in the Web UI and executed when viewed by other users, potentially leading to session hijacking or other attacks. | ||||
| CVE-2025-10566 | 1 Campcodes | 1 Grocery Sales And Inventory System | 2025-09-18 | 4.3 Medium |
| A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=users. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-56293 | 2 Code-projects, Fabianros | 2 Human Resource Integrated System, Human Resource Integrated System | 2025-09-18 | 5.4 Medium |
| code-projects Human Resource Integrated System 1.0 is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section in the Childs Name field. | ||||
| CVE-2025-56289 | 2 Code-projects, Fabian | 2 Document Management System, Document Management System | 2025-09-18 | 5.4 Medium |
| code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files. | ||||
| CVE-2025-56280 | 1 Carmelo | 1 Food Ordering Review System | 2025-09-18 | 5.4 Medium |
| code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information. | ||||
| CVE-2025-56276 | 1 Carmelo | 1 Food Ordering Review System | 2025-09-18 | 5.4 Medium |
| code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin views user information, resulting in the disclosure of the admin's cookie information. | ||||
| CVE-2025-56697 | 1 Askar634 | 1 Computer Base Test | 2025-09-18 | 6.1 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php. | ||||
| CVE-2025-57117 | 1 Remyandrade | 1 Employee Management System | 2025-09-18 | 5.4 Medium |
| A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department. | ||||
| CVE-2024-29154 | 1 Danielmiessler | 1 Fabric | 2025-09-18 | 7.4 High |
| danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. | ||||
| CVE-2024-28434 | 1 Twenty | 1 Twenty | 2025-09-18 | 7.6 High |
| The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code. | ||||
| CVE-2025-36139 | 1 Ibm | 1 Watsonx.data | 2025-09-18 | 5.5 Medium |
| IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-33008 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-09-18 | 5.4 Medium |
| IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-28157 | 1 Jenkins | 1 Gitbucket | 2025-09-18 | 8.0 High |
| Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. | ||||
| CVE-2025-9656 | 1 Phpgurukul | 1 Directory Management System | 2025-09-18 | 4.3 Medium |
| A security vulnerability has been detected in PHPGurukul Directory Management System 2.0. This vulnerability affects unknown code of the file /admin/add-directory.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10632 | 1 Itsourcecode | 1 Online Petshop Management System | 2025-09-18 | 3.5 Low |
| A security flaw has been discovered in itsourcecode Online Petshop Management System 1.0. The affected element is an unknown function of the file availableframe.php of the component Admin Dashboard. The manipulation of the argument name/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-10631 | 1 Itsourcecode | 1 Online Petshop Management System | 2025-09-18 | 3.5 Low |
| A vulnerability was identified in itsourcecode Online Petshop Management System 1.0. Impacted is an unknown function of the file addcnp.php of the component Available Products Page. The manipulation of the argument name/description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-0547 | 1 Parasut Software | 1 Bizmu | 2025-09-18 | 4.7 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Bizmu allows Cross-Site Scripting (XSS). This issue affects Bizmu: from 2.27.0 through 20250212. | ||||
| CVE-2025-9992 | 2 Nko, Wordpress | 2 Ghost Kit Plugin, Wordpress | 2025-09-18 | 6.4 Medium |
| The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||