Total: 44604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-61308 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | |||||
| CVE-2025-61307 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | |||||
| CVE-2025-61306 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | |||||
| CVE-2025-61305 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | |||||
| CVE-2025-61261 | 2 Angular, Ckeditor | 2 Angular, Ckeditor5 | 2026-06-17 | N/A | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2025-61255 | 1 Phpgurukul | 1 Bank Locker Management System | 2026-06-17 | N/A | 6.1 MEDIUM |
| Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection. | |||||
| CVE-2025-61224 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter | |||||
| CVE-2025-61198 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Optimod 5950 - Optimod 5950HD - Optimod 5750 - Optimod 5750HD - Optimod Trio - Optimod version 1.0.0.33 - System version 2.5.26, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. | |||||
| CVE-2025-61190 | 1 Lyrasis | 1 Dspace | 2026-06-17 | N/A | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter. | |||||
| CVE-2025-61183 | 1 Webreinvent | 1 Vaahcms | 2026-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar() method of UserBase.php | |||||
| CVE-2025-61087 | 1 Mayurik | 1 Pet Grooming Management Software | 2026-06-17 | N/A | 6.1 MEDIUM |
| SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section. | |||||
| CVE-2025-61080 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Clear2Pay Bank Visibility Application - Payment Execution 1.10.0.104 via the ID parameter in the URL. | |||||
| CVE-2025-61078 | 1 Phpipam | 1 Phpipam | 2026-06-17 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint. | |||||
| CVE-2025-61074 | 1 Adata | 1 Mitarbeiter Portal | 2026-06-17 | N/A | 4.6 MEDIUM |
| A stored Cross Site Scripting (XSS) vulnerability in the bulletin board (SchwarzeBrett) in adata Software GmbH Mitarbeiter Portal 2.15.2.0 allows remote authenticated users to execute arbitrary JavaScript code in the web browser of other users via manipulation of the 'Inhalt' parameter of the '/SchwarzeBrett/Nachrichten/CreateNachricht' or '/SchwarzeBrett/Nachrichten/EditNachricht/' requests. | |||||
| CVE-2025-60991 | | | 2026-06-17 | N/A | 8.8 HIGH |
| A reflected cross-site scripting (XSS) vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the cat parameter. | |||||
| CVE-2025-60983 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| Reflected Cross Site Scripting vulnerability in Rubikon Banking Solution 4.0.3 in the "Search For Customers Information" endpoints. | |||||
| CVE-2025-60967 | 1 Endruntechnologies | 2 Sonoma D12, Sonoma D12 Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. | |||||
| CVE-2025-60961 | 1 Endruntechnologies | 2 Sonoma D12, Sonoma D12 Firmware | 2026-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. | |||||
| CVE-2025-60958 | 1 Endruntechnologies | 2 Sonoma D12, Sonoma D12 Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information. | |||||
| CVE-2025-60950 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
