Total: 44646 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-63645 | 1 Ph7builder | 1 Ph7 Social Dating Builder | 2026-06-17 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware encoding. As a result, attacker-controlled content executes in the recipient's browser context when the Inbox message is viewed. | |||||
| CVE-2025-63644 | 1 Ph7builder | 1 Ph7 Social Dating Builder | 2026-06-17 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field. | |||||
| CVE-2025-63640 | 1 Rems | 1 Medicine Reminder App | 2026-06-17 | N/A | 6.1 MEDIUM |
| Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Save Reminder" button. | |||||
| CVE-2025-63639 | 1 Remyandrade | 1 Faq Bot With Ai Assistant | 2026-06-17 | N/A | 6.1 MEDIUM |
| The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation. | |||||
| CVE-2025-63638 | 1 Remyandrade | 1 Ai-powered To-do List App | 2026-06-17 | N/A | 6.1 MEDIUM |
| Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button. | |||||
| CVE-2025-63611 | 1 Phpgurukul | 1 Hostel Management System | 2026-06-17 | N/A | 8.7 HIGH |
| Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser. | |||||
| CVE-2025-63593 | 1 Getgrav | 1 Grav | 2026-06-17 | N/A | 6.1 MEDIUM |
| Grav CMS 1.7.49.5 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2025-63589 | 1 Cmsimple-xh | 1 Cmsimple Xh | 2026-06-17 | N/A | 7.1 HIGH |
| A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (navigation links, breadcrumbs, search form action, footer links). An attacker-controlled string placed in the URL path is reflected into multiple HTML elements, allowing execution of arbitrary JavaScript in victims' browsers visiting a crafted URL. | |||||
| CVE-2025-63588 | 1 Cmsimple-xh | 1 Cmsimple Xh | 2026-06-17 | N/A | 7.1 HIGH |
| An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request (e.g., a maliciously crafted POST login). Successful exploitation may lead to theft of session cookies, credential disclosure, or other client-side impacts. | |||||
| CVE-2025-63544 | 1 Nooncarlett | 1 Techstore | 2026-06-17 | N/A | 6.1 MEDIUM |
| TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_notes via the id parameter. | |||||
| CVE-2025-63543 | 1 Nooncarlett | 1 Techstore | 2026-06-17 | N/A | 6.1 MEDIUM |
| TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /search_results endpoint via the q parameter. | |||||
| CVE-2025-63534 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 8.5 HIGH |
| A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the msg and error parameters, which are then executed in the victim's browser when the page is viewed. | |||||
| CVE-2025-63533 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 8.5 HIGH |
| A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the rname, remail, rpassword, rphone, rcity parameters, which are then executed in the victim's browser when the page is viewed. | |||||
| CVE-2025-63528 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 8.5 HIGH |
| A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the error parameter, which is then executed in the victim's browser when the page is viewed. | |||||
| CVE-2025-63527 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 8.5 HIGH |
| A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the victim's browser when the page is viewed. | |||||
| CVE-2025-63526 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 8.5 HIGH |
| A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the msg parameter, which is then executed in the victim's browser when the page is viewed. | |||||
| CVE-2025-63520 | 1 Feehi | 1 Feehicms | 2026-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate). | |||||
| CVE-2025-63514 | 1 Kishan0725 | 1 Hospital Management System | 2026-06-17 | N/A | 6.1 MEDIUM |
| kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter. | |||||
| CVE-2025-63499 | 1 Alinto | 1 Sogo | 2026-06-17 | N/A | 6.1 MEDIUM |
| Alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter. | |||||
| CVE-2025-63498 | 2 Alinto, Debian | 2 Sogo, Debian Linux | 2026-06-17 | N/A | 6.1 MEDIUM |
| Alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter. | |||||
