Total: 44681 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-67483 | 1 Mediawiki | 1 Mediawiki | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1. | |||||
| CVE-2025-67481 | 1 Mediawiki | 1 Mediawiki | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | |||||
| CVE-2025-67477 | 1 Mediawiki | 1 Mediawiki | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. | |||||
| CVE-2025-67475 | 1 Mediawiki | 1 Mediawiki | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | |||||
| CVE-2025-67448 | | | 2026-06-17 | N/A | 7.1 HIGH |
| The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the context of the victim's browser when the message is viewed. | |||||
| CVE-2025-67443 | 1 Schlix | 1 Cms | 2026-06-17 | N/A | 6.1 MEDIUM |
| Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of JavaScript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel. | |||||
| CVE-2025-67438 | 1 Sync-in | 1 Sync-in Server | 2026-06-17 | N/A | 6.1 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information, including the user's session cookies. | |||||
| CVE-2025-67349 | 1 Fluentcms | 1 Fluentcms | 2026-06-17 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application fails to properly sanitize input in the <head> section, allowing remote attackers to inject arbitrary script tags. | |||||
| CVE-2025-67344 | 1 Jishenghua | 1 Jsherp | 2026-06-17 | N/A | 4.6 MEDIUM |
| jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint. | |||||
| CVE-2025-67342 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 4.6 MEDIUM |
| RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions can impact all users by exploiting this stored XSS vulnerability. | |||||
| CVE-2025-67341 | 1 Jishenghua | 1 Jsherp | 2026-06-17 | N/A | 4.6 MEDIUM |
| jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users. | |||||
| CVE-2025-67316 | 1 Heytap | 1 Internet Browser | 2026-06-17 | N/A | 5.4 MEDIUM |
| An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review. | |||||
| CVE-2025-67291 | 1 Dotnetfoundation | 1 Piranha Cms | 2026-06-17 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field. | |||||
| CVE-2025-67290 | 1 Dotnetfoundation | 1 Piranha Cms | 2026-06-17 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field. | |||||
| CVE-2025-67289 | 1 Frappe | 2 Erpnext, Frappe | 2026-06-17 | N/A | 9.6 CRITICAL |
| An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file. | |||||
| CVE-2025-67263 | 1 Abacre | 1 Retail Point Of Sale | 2026-06-17 | N/A | 6.1 MEDIUM |
| Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these fields, which is persisted in the database. | |||||
| CVE-2025-67231 | 1 Todesktop | 1 Builder | 2026-06-17 | N/A | 5.9 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. | |||||
| CVE-2025-67202 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| Sidekiq-cron through 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to cross-site scripting (XSS) via a crafted URL being rendered from cron.erb. | |||||
| CVE-2025-67170 | 1 Ritecms | 1 Ritecms | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. | |||||
| CVE-2025-67163 | 1 Simplemachines | 1 Simple Machines Forum | 2026-06-17 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter. | |||||
