Total: 38585 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24651 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | 5.4 Medium |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. | ||||
| CVE-2025-6475 | 1 Razormist | 1 Student Result Management System | 2025-06-27 | 2.4 Low |
| A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/manage_students of the component Manage Students Module. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6452 | 1 Codeastro | 1 Patient Record Management System | 2025-06-27 | 2.4 Low |
| A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-50695 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2025-06-27 | 6.1 Medium |
| PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php. | ||||
| CVE-2018-20977 | 1 Brainstormforce | 1 Schema | 2025-06-27 | 6.1 Medium |
| The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. | ||||
| CVE-2024-53999 | 2 Mobsf, Opensecurity | 2 Mobile Security Framework, Mobile Security Framework | 2025-06-27 | 8.1 High |
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9. | ||||
| CVE-2025-6509 | 1 Seaswalker | 1 Spring Analysis | 2025-06-27 | 3.5 Low |
| A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2025-27584 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update. | ||||
| CVE-2025-27585 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update. | ||||
| CVE-2024-53382 | 1 Prismjs | 1 Prism | 2025-06-27 | 4.9 Medium |
| Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. | ||||
| CVE-2024-53386 | 1 Piqnt | 1 Stage.js | 2025-06-27 | 4.9 Medium |
| Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. | ||||
| CVE-2025-3531 | 1 Youdiancms | 1 Youdiancms | 2025-06-27 | 4.3 Medium |
| A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3532 | 1 Youdiancms | 1 Youdiancms | 2025-06-27 | 4.3 Medium |
| A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3533 | 1 Youdiancms | 1 Youdiancms | 2025-06-27 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-46260 | 2 Wordpress, Wowdevs | 2 Wordpress, Sky Addons For Elementor | 2025-06-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1. | ||||
| CVE-2025-46472 | 2 Webangon, Wordpress | 2 The Pack Elementor Addons, Wordpress | 2025-06-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.2. | ||||
| CVE-2025-3302 | 2 Wordpress, Xagio | 2 Wordpress, Seo Ai Plugin | 2025-06-27 | 7.2 High |
| The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0. | ||||
| CVE-2025-47477 | 2 Revmakx, Wordpress | 2 Backup And Staging By Wp Time Capsule, Wordpress | 2025-06-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.23. | ||||
| CVE-2025-0809 | 2 Kpgraham, Wordpress | 2 Link Fixer Plugin, Wordpress | 2025-06-27 | 7.2 High |
| The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-1490 | 2 Brijeshk89, Wordpress | 2 Smart Maintenance Mode, Wordpress | 2025-06-27 | 6.1 Medium |
| The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘setstatus’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||