Total
40271 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52702 | 1 Mybb | 1 Mybb | 2025-12-08 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. NOTE: this is disputed by the Supplier because Website Name can only be set by an administrator, who may use JavaScript if they wish. | |||||
| CVE-2025-63307 | 1 Alexusmai | 1 Laravel File Manager | 2025-12-08 | N/A | 8.1 HIGH |
| alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization. | |||||
| CVE-2025-63785 | 1 Onlook | 1 Onlook | 2025-12-08 | N/A | 6.1 MEDIUM |
| A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An attacker can exploit this to inject malicious HTML and script code, which is then executed within the context of the preview iframe, allowing for the execution of arbitrary scripts in the user's session. | |||||
| CVE-2025-13181 | 1 H3blog | 1 H3blog | 2025-12-08 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-13182 | 1 H3blog | 1 H3blog | 2025-12-08 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2013-4888 | 1 Xibosignage | 1 Xibo | 2025-12-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. | |||||
| CVE-2025-12761 | 1 Simple Multi Step Form Project | 1 Simple Multi Step Form | 2025-12-08 | N/A | 3.5 LOW |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS).This issue affects Simple multi step form: from 0.0.0 before 2.0.0. | |||||
| CVE-2025-12330 | 1 Matthewdeaves | 1 Willow Cms | 2025-12-08 | 3.3 LOW | 2.4 LOW |
| A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-13784 | 1 Yungifez | 1 Skuul | 2025-12-06 | 3.3 LOW | 2.4 LOW |
| A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-63229 | 1 Dbbroadcast | 44 Mozart Dds Next 100, Mozart Dds Next 1000, Mozart Dds Next 1000 Firmware and 41 more | 2025-12-06 | N/A | 5.4 MEDIUM |
| The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's browser, potentially stealing sensitive information, hijacking sessions, or performing unauthorized actions. | |||||
| CVE-2025-41079 | 1 Seafile | 1 Seafile | 2025-12-05 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'. | |||||
| CVE-2025-41080 | 1 Seafile | 1 Seafile | 2025-12-05 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'. | |||||
| CVE-2023-32969 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-05 | N/A | 4.9 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later | |||||
| CVE-2024-50406 | 1 Qnap | 1 License Center | 2025-12-05 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: License Center 1.9.49 and later | |||||
| CVE-2025-22483 | 1 Qnap | 1 License Center | 2025-12-05 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: License Center 1.8.51 and later License Center 1.9.51 and later | |||||
| CVE-2025-64336 | 1 Oxygenz | 1 Clipbucket | 2025-12-05 | N/A | 5.4 MEDIUM |
| ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147. | |||||
| CVE-2025-55123 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-05 | N/A | 5.4 MEDIUM |
| Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users. | |||||
| CVE-2017-1000236 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site. | |||||
| CVE-2023-3021 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4. | |||||
| CVE-2024-40500 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | N/A | 8.6 HIGH |
| Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. | |||||