Total
38585 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8787 | 1 Portabilis | 1 I-diario | 2025-09-02 | 3.5 Low |
| A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conteúdos leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8788 | 1 Portabilis | 1 I-diario | 2025-09-02 | 3.5 Low |
| A vulnerability was found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /planos-de-aula-por-areas-de-conhecimento/ of the component Informações adicionais. The manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8812 | 2 Atjiu, Pybbs Project | 2 Pybbs, Pybbs | 2025-09-02 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-3733 | 1 Baguettebox.js Project | 1 Baguettebox.js | 2025-09-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1. | ||||
| CVE-2024-52888 | 1 Checkpoint | 3 Gaia Os, Mobile Access, Remote Access Vpn | 2025-09-02 | 5.4 Medium |
| For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. | ||||
| CVE-2024-52887 | 1 Checkpoint | 3 Gaia Os, Mobile Access, Remote Access Vpn | 2025-09-02 | 3.5 Low |
| Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. | ||||
| CVE-2025-31695 | 1 Upstreamable | 1 Link Field Display Mode Formatter | 2025-09-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS).This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0. | ||||
| CVE-2025-31696 | 1 Chapterthree | 1 Rapidoc Oas Field Formatter | 2025-09-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1. | ||||
| CVE-2025-31697 | 1 Formatter Suite Project | 1 Formatter Suite | 2025-09-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS).This issue affects Formatter Suite: from 0.0.0 before 2.1.0. | ||||
| CVE-2025-31286 | 1 Trendmicro | 1 Trend Vision One | 2025-09-02 | 4.6 Medium |
| An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2024-13292 | 1 Tooltip Project | 1 Tooltip | 2025-09-02 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2. | ||||
| CVE-2024-13294 | 1 Post File Project | 1 Post File | 2025-09-02 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2. | ||||
| CVE-2024-13298 | 1 Kleegroup | 1 Tarte Au Citron | 2025-09-02 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5. | ||||
| CVE-2024-13301 | 1 Miniorange | 1 Oauth \& Openid Connect Single Sign-on | 2025-09-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).This issue affects OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client): from 3.0.0 before 3.44.0, from 4.0.0 before 4.0.19. | ||||
| CVE-2024-13283 | 1 Facets Project | 1 Facets | 2025-09-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9. | ||||
| CVE-2024-13286 | 1 Svg Embed Project | 1 Svg Embed | 2025-09-02 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).This issue affects SVG Embed: from 0.0.0 before 2.1.2. | ||||
| CVE-2024-13287 | 1 Views Svg Animation Project | 1 Views Svg Animation | 2025-09-02 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS).This issue affects Views SVG Animation: from 0.0.0 before 1.0.1. | ||||
| CVE-2024-13289 | 1 Usercentrics | 1 Cookiebot \+ Gtm | 2025-09-02 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS).This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18. | ||||
| CVE-2025-9107 | 1 Portabilis | 1 I-diario | 2025-09-02 | 4.3 Medium |
| A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9106 | 1 Portabilis | 1 I-diario | 2025-09-02 | 3.5 Low |
| A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||