Total
44649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64543 | 1 Adobe | 1 Experience Manager | 2026-06-17 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction, such as visiting a crafted URL or interacting with a manipulated web page. | |||||
| CVE-2025-64541 | 1 Adobe | 1 Experience Manager | 2026-06-17 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-64539 | 1 Adobe | 1 Experience Manager | 2026-06-17 | N/A | 9.3 CRITICAL |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page. | |||||
| CVE-2025-64538 | 1 Adobe | 1 Experience Manager | 2026-06-17 | N/A | 9.3 CRITICAL |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page. | |||||
| CVE-2025-64537 | 1 Adobe | 1 Experience Manager | 2026-06-17 | N/A | 9.3 CRITICAL |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page. | |||||
| CVE-2025-64501 | 2026-06-17 | N/A | 7.6 HIGH | ||
| ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the `prosemirror_to_html` gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Applications that use `prosemirror_to_html` to convert ProseMirror documents to HTML, user-generated ProseMirror content, and end users viewing the rendered HTML output are all at risk of attack. This issue is fixed in version 0.2.1. | |||||
| CVE-2025-64495 | 1 Openwebui | 1 Open Webui | 2026-06-17 | N/A | 8.7 HIGH |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is assigned to the DOM sink .innerHtml without sanitisation. Any user with permissions to create prompts can abuse this to plant a payload that could be triggered by other users if they run the corresponding / command to insert the prompt. This issue is fixed in version 0.6.35. | |||||
| CVE-2025-64491 | 1 Salesagility | 1 Suitecrm | 2026-06-17 | N/A | 6.1 MEDIUM |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and below allow unauthenticated reflected Cross-Site Scripting (XSS). Successful exploitation could lead to full account takeover, for example by altering the login form to send credentials to an attacker-controlled server. As a reflected XSS issue, exploitation requires the victim to open a crafted malicious link, which can be delivered via phishing, social media, or other communication channels. This issue is fixed in version 7.14.8. | |||||
| CVE-2025-64442 | 1 Humhub | 1 Humhub | 2026-06-17 | N/A | 6.1 MEDIUM |
| HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4. | |||||
| CVE-2025-64383 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through <= 1.4.3. | |||||
| CVE-2025-64381 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through <= 10.14.7. | |||||
| CVE-2025-64380 | 1 Booster | 1 Booster For Woocommerce | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2. | |||||
| CVE-2025-64376 | 2026-06-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through < 2.9.10. | |||||
| CVE-2025-64372 | 2026-06-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through < 3.2.6. | |||||
| CVE-2025-64367 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS.This issue affects Groundhogg: from n/a through <= 4.2.6. | |||||
| CVE-2025-64365 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through <= 3.6.0. | |||||
| CVE-2025-64362 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through < 5.5.0. | |||||
| CVE-2025-64361 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS.This issue affects Consulting Elementor Widgets: from n/a through <= 1.4.2. | |||||
| CVE-2025-64355 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12. | |||||
| CVE-2025-64354 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS.This issue affects Gutenberg: from n/a through <= 21.8.2. | |||||