Total
37649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55134 | 2025-08-08 | N/A | 6.4 MEDIUM | ||
| In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js. | |||||
| CVE-2025-55133 | 2025-08-08 | N/A | 6.4 MEDIUM | ||
| In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js. | |||||
| CVE-2024-20383 | 1 Cisco | 15 Asyncos, Secure Email And Web Manager M170, Secure Email And Web Manager M190 and 12 more | 2025-08-08 | N/A | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2025-22763 | 1 Brizy | 1 Brizy | 2025-08-08 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1. | |||||
| CVE-2025-50740 | 2025-08-07 | N/A | 6.1 MEDIUM | ||
| AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID. | |||||
| CVE-2025-51053 | 2025-08-07 | N/A | 6.1 MEDIUM | ||
| A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser. | |||||
| CVE-2025-51629 | 2025-08-07 | N/A | 8.8 HIGH | ||
| A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter. | |||||
| CVE-2024-20511 | 1 Cisco | 1 Unified Communications Manager | 2025-08-07 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2024-20540 | 1 Cisco | 1 Unified Contact Center Management Portal | 2025-08-07 | N/A | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device. | |||||
| CVE-2025-32198 | 1 Brizy | 1 Brizy | 2025-08-07 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy. This issue affects Brizy: from n/a through 2.6.14. | |||||
| CVE-2025-2839 | 1 Vjinfotech | 1 Wp Import Export Lite | 2025-08-07 | N/A | 6.4 MEDIUM |
| The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-45515 | 1 Zimbra | 1 Collaboration | 2025-08-07 | N/A | 6.1 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manipulated metadata, allowing them to bypass content type checks and execute arbitrary JavaScript within the victim's session. | |||||
| CVE-2024-55040 | 1 Sensaphone | 2 Web600, Web600 Firmware | 2025-08-07 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters. | |||||
| CVE-2024-38274 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | N/A | 6.1 MEDIUM |
| Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | |||||
| CVE-2024-20256 | 1 Cisco | 22 Asyncos, Secure Email And Web Manager M170, Secure Email And Web Manager M190 and 19 more | 2025-08-07 | N/A | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2025-40598 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2025-08-07 | N/A | 6.1 MEDIUM |
| A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code. | |||||
| CVE-2025-36548 | 1 Wwbn | 1 Avideo | 2025-08-07 | N/A | 8.3 HIGH |
| A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2025-41420 | 1 Wwbn | 1 Avideo | 2025-08-07 | N/A | 9.6 CRITICAL |
| A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2025-45892 | 1 Opencart | 1 Opencart | 2025-08-07 | N/A | 6.1 MEDIUM |
| OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code | |||||
| CVE-2025-51541 | 2025-08-07 | N/A | 6.1 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious JavaScript. This vulnerability can be exploited via a Cross-Site Request Forgery (CSRF) attack due to the absence of CSRF protections on the POST request. An unauthenticated remote attacker can craft a malicious web page that, when visited by a victim, stores the payload persistently in the installation configuration. As a result, the payload executes whenever any user subsequently accesses the vulnerable installation page, leading to persistent client-side code execution. | |||||