Total: 40269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-67551 | | | 2025-12-10 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wappointment team Wappointment wappointment allows Stored XSS. This issue affects Wappointment: from n/a through <= 2.6.9. | |||||
| CVE-2025-67550 | | | 2025-12-10 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS. This issue affects Donation Thermometer: from n/a through <= 2.2.6. | |||||
| CVE-2025-67545 | | | 2025-12-10 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirePlugins FireBox firebox allows Stored XSS. This issue affects FireBox: from n/a through <= 3.1.0-free. | |||||
| CVE-2025-67533 | | | 2025-12-10 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Portfolio Post themify-portfolio-post allows Stored XSS. This issue affects Themify Portfolio Post: from n/a through <= 1.3.0. | |||||
| CVE-2025-62082 | | | 2025-12-10 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS. This issue affects Generic Elements: from n/a through <= 1.2.8. | |||||
| CVE-2025-14013 | 1 Jizhicms | 1 Jizhicms | 2025-12-10 | 3.3 LOW | 2.4 LOW |
| A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-66111 | | | 2025-12-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS. This issue affects Nelio Popups: from n/a through <= 1.3.0. | |||||
| CVE-2025-62459 | 1 Microsoft | 1 365 Defender Portal | 2025-12-10 | N/A | 8.3 HIGH |
| Microsoft Defender Portal Spoofing Vulnerability | |||||
| CVE-2019-11359 | 1 Scilico | 1 I, Librarian | 2025-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. | |||||
| CVE-2019-11428 | 1 Scilico | 1 I, Librarian | 2025-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| I, Librarian 4.10 has XSS via the export.php export_files parameter. | |||||
| CVE-2019-11449 | 1 Scilico | 1 I, Librarian | 2025-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| I, Librarian 4.10 has XSS via the notes.php notes parameter. | |||||
| CVE-2025-14194 | 1 Carmelogarcia | 1 Employee Profile Management System | 2025-12-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-14205 | 1 Fabian | 1 Chamber Of Commerce Membership Management System | 2025-12-10 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-63033 | | | 2025-12-10 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS. This issue affects Make Section & Column Clickable For Elementor: from n/a through <= 2.3. | |||||
| CVE-2025-6946 | 1 Watchguard | 28 Firebox M270, Firebox M290, Firebox M370 and 25 more | 2025-12-10 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2. | |||||
| CVE-2025-13939 | 1 Watchguard | 34 Firebox M270, Firebox M290, Firebox M370 and 31 more | 2025-12-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS. This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | |||||
| CVE-2025-13938 | 1 Watchguard | 34 Firebox M270, Firebox M290, Firebox M370 and 31 more | 2025-12-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | |||||
| CVE-2025-13937 | 1 Watchguard | 34 Firebox M270, Firebox M290, Firebox M370 and 31 more | 2025-12-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | |||||
| CVE-2025-13936 | 1 Watchguard | 34 Firebox M270, Firebox M290, Firebox M370 and 31 more | 2025-12-10 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | |||||
| CVE-2025-65959 | 1 Openwebui | 1 Open Webui | 2025-12-10 | N/A | 8.7 HIGH |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37. | |||||
