Total
44516 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54817 | 1 Meddream | 1 Pacs Server | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability. | |||||
| CVE-2025-54814 | 1 Meddream | 1 Pacs Server | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
| CVE-2025-54806 | 1 Weseek | 1 Growi | 2026-06-17 | N/A | 6.1 MEDIUM |
| GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser. | |||||
| CVE-2025-54800 | 1 Nixos | 1 Hydra | 2026-06-17 | N/A | 6.1 MEDIUM |
| Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-party project as part of its build process. This also happens in other places like with hydra-release-name. This issue has been patched by commit dea1e16. A workaround involves either not building untrusted packages or not visiting the builds page. | |||||
| CVE-2025-54784 | 1 Salesagility | 1 Suitecrm | 2026-06-17 | N/A | 6.1 MEDIUM |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance. By simply viewing emails as the logged-in user, the payload can be triggered. With that, an attacker is able to run arbitrary actions as the logged-in user - like extracting data, or if it is an admin executing the payload, takeover the instance. This is fixed in versions 7.14.7. | |||||
| CVE-2025-54783 | 1 Salesagility | 1 Suitecrm | 2026-06-17 | N/A | 6.1 MEDIUM |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include some arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but allow the JavaScript code to execute. This is fixed in version 7.14.7. | |||||
| CVE-2025-54778 | 1 Meddream | 1 Pacs Server | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
| CVE-2025-54760 | 2026-06-17 | N/A | 5.4 MEDIUM | ||
| Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser. | |||||
| CVE-2025-54759 | 1 Santesoft | 1 Sante Pacs Server | 2026-06-17 | N/A | 6.1 MEDIUM |
| Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie. | |||||
| CVE-2025-54749 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows Stored XSS.This issue affects JetProductGallery: from n/a through <= 2.2.0.2. | |||||
| CVE-2025-54747 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera templatera allows DOM-Based XSS.This issue affects Templatera: from n/a through <= 2.3.0. | |||||
| CVE-2025-54746 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS.This issue affects Shortcode Redirect: from n/a through <= 1.0.02. | |||||
| CVE-2025-54740 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog print-my-blog allows Stored XSS.This issue affects Print My Blog: from n/a through <= 3.27.9. | |||||
| CVE-2025-54737 | 2026-06-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through <= 4.7.8. | |||||
| CVE-2025-54729 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Stored XSS.This issue affects Webba Booking: from n/a through <= 6.0.5. | |||||
| CVE-2025-54727 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Stored XSS.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.2. | |||||
| CVE-2025-54724 | 2026-06-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through <= 1.7.1. | |||||
| CVE-2025-54722 | 2026-06-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WooTour woo-tour allows Reflected XSS.This issue affects WooTour: from n/a through <= 3.6.3. | |||||
| CVE-2025-54721 | 2026-06-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Resca resca allows Reflected XSS.This issue affects Resca: from n/a through <= 3.0.2. | |||||
| CVE-2025-54718 | 2026-06-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Reflected XSS.This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2. | |||||