Total
38030 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48974 | 1 Axigen | 1 Axigen Mail Server | 2025-06-17 | N/A | 9.6 CRITICAL |
| Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | |||||
| CVE-2023-41619 | 1 Emlog | 1 Emlog | 2025-06-17 | N/A | 6.1 MEDIUM |
| Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. | |||||
| CVE-2023-6161 | 1 Themeum | 1 Wp Crowdfunding | 2025-06-17 | N/A | 6.1 MEDIUM |
| The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-36236 | 1 Webkul | 1 Bagisto | 2025-06-17 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad. | |||||
| CVE-2023-25365 | 1 Octobercms | 1 October | 2025-06-17 | N/A | 7.8 HIGH |
| Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | |||||
| CVE-2023-25295 | 1 Gruen | 1 Evewa3 | 2025-06-17 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel. | |||||
| CVE-2024-33791 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 4.6 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function. | |||||
| CVE-2024-34467 | 1 Thinkphp | 1 Thinkphp | 2025-06-17 | N/A | 6.1 MEDIUM |
| ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl. | |||||
| CVE-2024-34468 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | N/A | 6.1 MEDIUM |
| Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. | |||||
| CVE-2024-34469 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | N/A | 7.1 HIGH |
| Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. | |||||
| CVE-2024-29273 | 1 Dzzoffice | 1 Dzzoffice | 2025-06-17 | N/A | 6.1 MEDIUM |
| There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. | |||||
| CVE-2025-21572 | 1 Oracle | 1 Opengrok | 2025-06-17 | N/A | 6.1 MEDIUM |
| OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output. | |||||
| CVE-2024-24115 | 1 Cotonti | 1 Siena | 2025-06-17 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2023-51790 | 1 Piwigo | 1 Piwigo | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. | |||||
| CVE-2025-5010 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5011 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5013 | 1 Hkcms | 1 Hkcms | 2025-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-40284 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | N/A | 8.3 HIGH |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | |||||
| CVE-2024-28635 | 1 Devsoftbaltic | 1 Survey-creator | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | |||||
| CVE-2023-40285 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | |||||