Total: 44422 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39363 | 1 Alphaefficiencyteam | 1 Custom Login And Registration | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS. This issue affects Custom Login and Registration: from n/a through 1.0.0. | |||||
| CVE-2025-39361 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through <= 1.7.1017. | |||||
| CVE-2025-37732 | 1 Elastic | 1 Kibana | 2026-06-17 | N/A | 5.4 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 (CVE-2025-25018) bypassing that fix to achieve HTML injection. | |||||
| CVE-2025-37185 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-06-17 | N/A | 5.5 MEDIUM |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct stored cross-site scripting (XSS) attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface and thereby make unauthorized arbitrary configuration changes to the host. | |||||
| CVE-2025-37122 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of network access control services could allow an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in a victim's browser in the context of the affected interface. | |||||
| CVE-2025-37109 | | | 2026-06-17 | N/A | 3.5 LOW |
| A cross-site scripting vulnerability has been identified in the HPE Telco Service Activator product. | |||||
| CVE-2025-37108 | | | 2026-06-17 | N/A | 3.5 LOW |
| A cross-site scripting vulnerability has been identified in the HPE Telco Service Activator product. | |||||
| CVE-2025-36750 | 1 Growatt | 2 Shine Lan-x, Shine Lan-x Firmware | 2026-06-17 | N/A | 5.4 MEDIUM |
| ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the Plant Name field. An HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code. | |||||
| CVE-2025-36748 | 1 Growatt | 2 Shine Lan-x, Shine Lan-x Firmware | 2026-06-17 | N/A | 5.4 MEDIUM |
| ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code. | |||||
| CVE-2025-36746 | 1 Solaredge | 1 Solaredge Monitoring Platform | 2026-06-17 | N/A | 5.4 MEDIUM |
| SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt. | |||||
| CVE-2025-36605 | 1 Dell | 1 Unity Operating Environment | 2026-06-17 | N/A | 6.1 MEDIUM |
| Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability (CWE-79). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2025-36592 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2026-06-17 | N/A | 5.4 MEDIUM |
| Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20, 5.22, 5.24, 5.26, 5.28, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | |||||
| CVE-2025-36580 | 1 Dell | 1 Wyse Management Suite | 2026-06-17 | N/A | 6.1 MEDIUM |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | |||||
| CVE-2025-36577 | 1 Dell | 1 Wyse Management Suite | 2026-06-17 | N/A | 6.1 MEDIUM |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | |||||
| CVE-2025-36563 | 1 Alfasado | 1 Powercms | 2026-06-17 | N/A | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser. | |||||
| CVE-2025-36556 | 1 Meddream | 1 Pacs Server | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
| CVE-2025-36548 | 1 Wwbn | 1 Avideo | 2026-06-17 | N/A | 8.3 HIGH |
| A cross-site scripting (XSS) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2025-36436 | 1 Ibm | 1 Cloud Pak For Business Automation | 2026-06-17 | N/A | 6.4 MEDIUM |
| IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36409 | 1 Ibm | 1 Applinx | 2026-06-17 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36408 | 1 Ibm | 1 Applinx | 2026-06-17 | N/A | 6.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
