Total
39263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3575 | 1 Mindsdb | 1 Mindsdb | 2025-10-29 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb | |||||
| CVE-2024-5410 | 1 Oringnet | 2 Iap-420, Iap-420 Firmware | 2025-10-29 | N/A | 5.4 MEDIUM |
| Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. | |||||
| CVE-2024-30112 | 1 Hcltech | 1 Connections | 2025-10-28 | N/A | 5.4 MEDIUM |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks. | |||||
| CVE-2024-39595 | 1 Sap | 2 Business Warehouse, Business Warehouse Virtual Comp | 2025-10-28 | N/A | 5.4 MEDIUM |
| SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application. | |||||
| CVE-2024-0640 | 1 Chatwoot | 1 Chatwoot | 2025-10-28 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard app. The issue is fixed in version 3.5.2. | |||||
| CVE-2024-10088 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | N/A | 6.1 MEDIUM |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | |||||
| CVE-2024-10089 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | N/A | 5.4 MEDIUM |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing user's data with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | |||||
| CVE-2024-10090 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | N/A | 6.1 MEDIUM |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | |||||
| CVE-2024-13598 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | N/A | 6.1 MEDIUM |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run the code in their's context. This vulnerability has been patched in version 79.0 | |||||
| CVE-2024-49707 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | N/A | 6.1 MEDIUM |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | |||||
| CVE-2024-49708 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | N/A | 5.4 MEDIUM |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for setting delivery address with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | |||||
| CVE-2025-27441 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-10-28 | N/A | 4.6 MEDIUM |
| Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. | |||||
| CVE-2025-27442 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-10-28 | N/A | 4.6 MEDIUM |
| Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. | |||||
| CVE-2024-10087 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | N/A | 5.4 MEDIUM |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. This vulnerability has been patched in version 79.0 | |||||
| CVE-2025-59838 | 1 Monkeytype | 1 Monkeytype | 2025-10-28 | N/A | 5.4 MEDIUM |
| Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0. | |||||
| CVE-2025-62943 | 2025-10-28 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt McInvale Next Page, Not Next Post next-page-not-next-post allows Stored XSS.This issue affects Next Page, Not Next Post: from n/a through <= 0.3.0. | |||||
| CVE-2025-62942 | 2025-10-28 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tempranova WP Mapbox GL JS Maps wp-mapbox-gl-js allows Stored XSS.This issue affects WP Mapbox GL JS Maps: from n/a through <= 3.0.1. | |||||
| CVE-2025-62941 | 2025-10-28 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Events Maker by dFactory events-maker allows Stored XSS.This issue affects Events Maker by dFactory: from n/a through <= 1.6.14. | |||||
| CVE-2025-62940 | 2025-10-28 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Diego Blox Lite blox-lite allows Stored XSS.This issue affects Blox Lite: from n/a through <= 1.2.8. | |||||
| CVE-2025-62939 | 2025-10-28 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Open Currency Converter artiss-currency-converter allows Stored XSS.This issue affects Open Currency Converter: from n/a through <= 1.5.0. | |||||