Total
38585 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21572 | 1 Oracle | 1 Opengrok | 2025-06-17 | 6.1 Medium |
| OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output. | ||||
| CVE-2024-24115 | 1 Cotonti | 1 Siena | 2025-06-17 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-51790 | 1 Piwigo | 1 Piwigo | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. | ||||
| CVE-2025-5010 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | 2.4 Low |
| A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5011 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | 2.4 Low |
| A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5013 | 1 Hkcms | 1 Hkcms | 2025-06-17 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-40284 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 8.3 High |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2024-28635 | 1 Devsoftbaltic | 1 Survey-creator | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | ||||
| CVE-2023-40285 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | 6.5 Medium |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | ||||
| CVE-2024-24574 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-06-17 | 6.5 Medium |
| phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. | ||||
| CVE-2024-25167 | 1 Markerhub | 1 Eblog | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. | ||||
| CVE-2024-27626 | 1 Dotclear | 1 Dotclear | 2025-06-17 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. | ||||
| CVE-2025-32920 | 2025-06-17 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0. | ||||
| CVE-2025-3902 | 1 Four Kitchens | 1 Block Class | 2025-06-17 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1. | ||||
| CVE-2025-45236 | 1 86dbs | 1 Dbsyncer | 2025-06-16 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter. | ||||
| CVE-2025-29573 | 1 Jupo | 1 Mezzanine | 2025-06-16 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. | ||||
| CVE-2021-43584 | 1 Nagios | 1 Nagios Cross Platform Agent | 2025-06-16 | 4.8 Medium |
| DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. | ||||
| CVE-2025-29602 | 1 Flatpress | 1 Flatpress | 2025-06-16 | 6.1 Medium |
| flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories. | ||||
| CVE-2025-29746 | 1 Benjaminjonard | 1 Koillection | 2025-06-16 | 6.1 Medium |
| Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components | ||||
| CVE-2024-25712 | 1 Http-swagger Project | 1 Http-swagger | 2025-06-16 | 6.1 Medium |
| http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files. | ||||