Total
44499 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55064 | | | 2026-06-17 | N/A | 4.8 MEDIUM |
| CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | |||||
| CVE-2025-55063 | | | 2026-06-17 | N/A | 4.8 MEDIUM |
| CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | |||||
| CVE-2025-55062 | | | 2026-06-17 | N/A | 4.8 MEDIUM |
| CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | |||||
| CVE-2025-55059 | 1 Maxum | 1 Rumpus | 2026-06-17 | N/A | 4.8 MEDIUM |
| CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | |||||
| CVE-2025-55056 | 1 Maxum | 1 Rumpus | 2026-06-17 | N/A | 4.8 MEDIUM |
| Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | |||||
| CVE-2025-55054 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | |||||
| CVE-2025-55033 | 1 Mozilla | 1 Firefox Focus | 2026-06-17 | N/A | 6.1 MEDIUM |
| Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142. | |||||
| CVE-2025-54967 | 1 Baesystems | 1 Socet Gxp | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in the process. | |||||
| CVE-2025-54965 | 1 Baesystems | 1 Socet Gxp | 2026-06-17 | N/A | 6.1 MEDIUM |
| An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary JavaScript in the victim's browser. | |||||
| CVE-2025-54893 | 1 Centreon | 1 Centreon Web | 2026-06-17 | N/A | 6.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | |||||
| CVE-2025-54892 | 1 Centreon | 1 Centreon Web | 2026-06-17 | N/A | 6.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | |||||
| CVE-2025-54891 | 1 Centreon | 1 Centreon Web | 2026-06-17 | N/A | 6.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | |||||
| CVE-2025-54890 | 1 Centreon | 1 Centreon Web | 2026-06-17 | N/A | 6.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29. | |||||
| CVE-2025-54889 | 1 Centreon | 1 Centreon Web | 2026-06-17 | N/A | 6.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28. | |||||
| CVE-2025-54881 | | | 2026-06-17 | N/A | N/A |
| Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. | |||||
| CVE-2025-54880 | 1 Mermaid Project | 1 Mermaid | 2026-06-17 | N/A | 6.1 MEDIUM |
| Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerability is fixed in 11.10.0. | |||||
| CVE-2025-54862 | 1 Santesoft | 1 Sante Pacs Server | 2026-06-17 | N/A | 5.4 MEDIUM |
| Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie. | |||||
| CVE-2025-54861 | 1 Meddream | 1 Pacs Server | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
| CVE-2025-54859 | | | 2026-06-17 | N/A | 4.8 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user’s web browser. | |||||
| CVE-2025-54856 | | | 2026-06-17 | N/A | 4.8 MEDIUM |
| Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page. | |||||
