Total
36824 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51790 | 1 Piwigo | 1 Piwigo | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. | |||||
| CVE-2025-5010 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5011 | 1 Moonlightl | 1 Hexo-boot | 2025-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5013 | 1 Hkcms | 1 Hkcms | 2025-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-40284 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | N/A | 8.3 HIGH |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | |||||
| CVE-2024-28635 | 1 Devsoftbaltic | 1 Survey-creator | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | |||||
| CVE-2023-40285 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | |||||
| CVE-2024-25167 | 1 Markerhub | 1 Eblog | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. | |||||
| CVE-2024-27626 | 1 Dotclear | 1 Dotclear | 2025-06-17 | N/A | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. | |||||
| CVE-2025-32920 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.10.0. | |||||
| CVE-2025-3902 | 1 Four Kitchens | 1 Block Class | 2025-06-17 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1. | |||||
| CVE-2025-45236 | 1 86dbs | 1 Dbsyncer | 2025-06-16 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter. | |||||
| CVE-2025-29573 | 1 Jupo | 1 Mezzanine | 2025-06-16 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module. | |||||
| CVE-2021-43584 | 1 Nagios | 1 Nagios Cross Platform Agent | 2025-06-16 | N/A | 4.8 MEDIUM |
| DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. | |||||
| CVE-2025-29602 | 1 Flatpress | 1 Flatpress | 2025-06-16 | N/A | 6.1 MEDIUM |
| flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories. | |||||
| CVE-2025-29746 | 1 Benjaminjonard | 1 Koillection | 2025-06-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components | |||||
| CVE-2024-25712 | 1 Http-swagger Project | 1 Http-swagger | 2025-06-16 | N/A | 6.1 MEDIUM |
| http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files. | |||||
| CVE-2023-51246 | 1 Get-simple | 1 Getsimplecms | 2025-06-16 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. | |||||
| CVE-2023-51072 | 1 Nagios | 1 Nagios Xi | 2025-06-16 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. | |||||
| CVE-2023-51067 | 1 Qstar | 1 Archive Storage Manager | 2025-06-16 | N/A | 6.1 MEDIUM |
| An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. | |||||