Total
37650 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6690 | 2025-08-06 | N/A | 6.4 MEDIUM | ||
| The WP Tournament Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘field’ parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-0376 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 8.7 HIGH |
| An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page. | |||||
| CVE-2024-20257 | 1 Cisco | 7 Asyncos, Secure Email Gateway C195, Secure Email Gateway C395 and 4 more | 2025-08-06 | N/A | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2025-36563 | 1 Alfasado | 1 Powercms | 2025-08-06 | N/A | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser. | |||||
| CVE-2025-41391 | 1 Alfasado | 1 Powercms | 2025-08-06 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser. | |||||
| CVE-2025-50866 | 1 Vishalmathur | 1 Cloudclassroom | 2025-08-06 | N/A | 6.1 MEDIUM |
| CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks. | |||||
| CVE-2025-5921 | 1 Brainstormforce | 1 Sureforms | 2025-08-06 | N/A | 5.8 MEDIUM |
| The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users. | |||||
| CVE-2025-8380 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in Campcodes Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/add_query_account.php. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-50848 | 1 Cs-cart | 1 Cs-cart | 2025-08-06 | N/A | 6.1 MEDIUM |
| A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users. | |||||
| CVE-2025-51951 | 1 Andisearch | 1 Andisearch | 2025-08-06 | N/A | 6.1 MEDIUM |
| andisearch v0.5.249 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2025-51503 | 1 Microweber | 1 Microweber | 2025-08-06 | N/A | 7.6 HIGH |
| A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers. | |||||
| CVE-2025-52203 | 1 Devaslanphp | 1 Project Management | 2025-08-06 | N/A | 7.6 HIGH |
| A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel "automatically upon authentication the malicious script executes in the user's browser context. | |||||
| CVE-2025-52187 | 1 Getprojects | 1 Create School Management System | 2025-08-06 | N/A | 8.2 HIGH |
| GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in my_profile_update_form1.php. | |||||
| CVE-2025-51954 | 1 Electronhub | 1 Ai Playground | 2025-08-06 | N/A | 6.1 MEDIUM |
| playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2025-20120 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-08-06 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2025-8319 | 1 Barracuda | 1 Message Archiver Firmware | 2025-08-06 | N/A | 6.1 MEDIUM |
| the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter | |||||
| CVE-2020-3420 | 1 Cisco | 1 Unified Communications Manager | 2025-08-06 | N/A | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability. | |||||
| CVE-2025-46958 | 1 Adobe | 1 Experience Manager | 2025-08-06 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2023-43091 | 1 Gnome | 1 Gnome-maps | 2025-08-06 | N/A | 9.8 CRITICAL |
| A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. | |||||
| CVE-2025-51857 | 2025-08-05 | N/A | 6.1 MEDIUM | ||
| The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks. | |||||