Total
37862 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14520 | 1 Getkirby | 1 Kirby | 2025-06-17 | N/A | 5.4 MEDIUM |
| An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages. | |||||
| CVE-2024-21154 | 1 Oracle | 1 Peoplesoft Enterprise Hcm Human Resources | 2025-06-17 | N/A | 4.3 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Human Resources). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2024-36674 | 1 Lylme | 1 Lylme Spage | 2025-06-17 | N/A | 6.1 MEDIUM |
| LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php. | |||||
| CVE-2025-4325 | 1 Mrcms | 1 Mrcms | 2025-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4326 | 1 Mrcms | 1 Mrcms | 2025-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add Fragment Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-28063 | 1 Totemo | 1 Totemomail | 2025-06-17 | N/A | 6.1 MEDIUM |
| Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS. | |||||
| CVE-2024-55651 | 1 Portabilis | 1 I-educar | 2025-06-17 | N/A | 5.4 MEDIUM |
| i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions. As of time of publication, no patched versions are known to exist. | |||||
| CVE-2024-35432 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | N/A | 6.1 MEDIUM |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting. | |||||
| CVE-2025-47091 | 1 Adobe | 1 Experience Manager | 2025-06-17 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-28380 | 1 Openc3 | 1 Cosmos | 2025-06-17 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter. | |||||
| CVE-2024-5475 | 1 Lepileppanen | 1 Responsive Video Embed | 2025-06-17 | N/A | 5.4 MEDIUM |
| The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-4749 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-06-17 | N/A | 8.3 HIGH |
| The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2023-4826 | 1 Socialdriver | 1 Socialdriver | 2025-06-17 | N/A | 6.1 MEDIUM |
| The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack. | |||||
| CVE-2024-50599 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-06-17 | N/A | 6.1 MEDIUM |
| A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the HTML response. | |||||
| CVE-2022-40361 | 1 Elitecms | 1 Elite Cms | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. | |||||
| CVE-2024-23735 | 1 Savignano | 1 S-notify | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate. | |||||
| CVE-2023-40355 | 1 Axigen | 1 Axigen Mobile Webmail | 2025-06-17 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. | |||||
| CVE-2023-40262 | 1 Unify | 1 Openscape Voice Trace Manager V8 | 2025-06-17 | N/A | 6.1 MEDIUM |
| An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request. | |||||
| CVE-2023-52329 | 1 Trendmicro | 1 Apex Central | 2025-06-17 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. | |||||
| CVE-2023-52274 | 1 Yzmcms | 1 Yzmcms | 2025-06-17 | N/A | 6.1 MEDIUM |
| member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. | |||||