Total
44598 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60448 | 1 Emlog | 1 Emlog | 2026-06-17 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed. | |||||
| CVE-2025-60447 | 1 Emlog | 1 Emlog | 2026-06-17 | N/A | 5.9 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to persistent JavaScript execution. | |||||
| CVE-2025-60445 | 1 Xunruicms | 1 Xunruicms | 2026-06-17 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when the uploaded file is viewed. | |||||
| CVE-2025-60378 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2026-06-17 | N/A | 8.1 HIGH |
| Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients. | |||||
| CVE-2025-60374 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A different vulnerability than CVE-2024-8867. | |||||
| CVE-2025-60318 | 1 Mayurik | 1 Pet Grooming Management Software | 2026-06-17 | N/A | 6.1 MEDIUM |
| SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields. | |||||
| CVE-2025-60314 | 1 Configuroweb | 1 Simple Web Inventory System | 2026-06-17 | N/A | 5.4 MEDIUM |
| Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting (XSS) due to the lack of input sanitization on the product name parameter (Nombre:Producto) allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript. | |||||
| CVE-2025-60313 | 1 Rems | 1 Link Status Checker | 2026-06-17 | N/A | 6.1 MEDIUM |
| Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site Scripting (XSS) in the Enter URLs to check input field. This allows a remote attacker to execute arbitrary code. | |||||
| CVE-2025-60312 | 1 Rems | 1 Markdown To Html Converter | 2026-06-17 | N/A | 6.1 MEDIUM |
| Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button. | |||||
| CVE-2025-60308 | 1 Fabian | 1 Simple Online Hotel Reservation System | 2026-06-17 | N/A | 4.1 MEDIUM |
| code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie information when browsing this room information. | |||||
| CVE-2025-60304 | 1 Fabian | 1 Simple Scheduling System | 2026-06-17 | N/A | 6.1 MEDIUM |
| code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field. | |||||
| CVE-2025-60302 | 1 Fabian | 1 Client Details System | 2026-06-17 | N/A | 6.1 MEDIUM |
| code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field. | |||||
| CVE-2025-60299 | 1 Xxyopen | 1 Novel-plus | 2026-06-17 | N/A | 5.4 MEDIUM |
| Novel-Plus 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database and is executed in other users’ browsers when they view the affected comment thread. | |||||
| CVE-2025-60298 | 1 Xxyopen | 1 Novel-plus | 2026-06-17 | N/A | 5.4 MEDIUM |
| Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and executed when other users view the affected book chapter. | |||||
| CVE-2025-60280 | 1 Hockeycomputindo | 1 Bang Resto | 2026-06-17 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly in the browser. When exploited, an attacker can steal session cookies, redirect users to malicious sites, perform actions on behalf of the user, or deface the website. This can lead to user data compromise, loss of user trust, and a broader attack surface for more advanced exploitation techniques. | |||||
| CVE-2025-60249 | | | 2026-06-17 | N/A | 6.4 MEDIUM |
| vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting (XSS) vulnerability was discovered in the handling of user-supplied input in the Bundles, Comments, and Sightings components. Untrusted data was not properly sanitized before being rendered in templates and tables, which could allow attackers to inject arbitrary JavaScript into the application. The issue was due to unsafe use of innerHTML and insufficient validation of dynamic URLs and model fields. This vulnerability has been fixed by escaping untrusted data, replacing innerHTML assignments with safer DOM methods, encoding URLs with encodeURIComponent, and improving input validation in the affected models. | |||||
| CVE-2025-60246 | | | 2026-06-17 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS. This issue affects Simple Finance Calculator: from n/a through <= 1.0. | |||||
| CVE-2025-60186 | | | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Google+ Comments google-plus-comments allows Stored XSS. This issue affects Google+ Comments: from n/a through <= 1.0. | |||||
| CVE-2025-60185 | | | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kontur.us kontur Admin Style kontur-admin-style allows Stored XSS. This issue affects kontur Admin Style: from n/a through <= 1.0.4. | |||||
| CVE-2025-60184 | | | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. SEO Search Permalink seo-search-permalink allows Stored XSS. This issue affects SEO Search Permalink: from n/a through <= 1.0.3. | |||||
