Total
36870 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-20279 | | | 2025-06-05 | N/A | 4.8 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system. | |||||
CVE-2025-32015 | | | 2025-06-05 | N/A | 6.7 MEDIUM |
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `<iframe srcdoc>` attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `<script src>`. In order to execute the attack, the attacker needs to control one of the victim's feeds and have an account on the FreshRSS instance that the victim is using. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 contains a patch for the issue. | |||||
CVE-2025-22243 | | | 2025-06-05 | N/A | 7.5 HIGH |
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. | |||||
CVE-2025-5341 | | | 2025-06-05 | N/A | 6.4 MEDIUM |
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'data-size' parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-20273 | | | 2025-06-05 | N/A | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
CVE-2025-22244 | | | 2025-06-05 | N/A | 6.9 MEDIUM |
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. | |||||
CVE-2024-5379 | 1 Heyewei | 1 Jfinalcms | 2025-06-05 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266291. | |||||
CVE-2024-5310 | 1 Heyewei | 1 Jfinalcms | 2025-06-05 | 3.3 LOW | 2.4 LOW |
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266121 was assigned to this vulnerability. | |||||
CVE-2024-13192 | 1 Zerowdd | 1 Myblog | 2025-06-05 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-12842 | 1 Emlog | 1 Emlog | 2025-06-05 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-47616 | | | 2025-06-05 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Imran aBlocks allows Stored XSS. This issue affects aBlocks: from n/a through 1.9.2. | |||||
CVE-2024-24388 | 1 Xunruicms | 1 Xunruicms | 2025-06-05 | N/A | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. | |||||
CVE-2024-24135 | 1 Remyandrade | 1 Product Inventory With Export To Excel | 2025-06-05 | N/A | 6.1 MEDIUM |
Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. | |||||
CVE-2024-24131 | 1 Superwebmailer | 1 Superwebmailer | 2025-06-05 | N/A | 6.1 MEDIUM |
SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php. | |||||
CVE-2022-2669 | 1 Wp Taxonomy Import Project | 1 Wp Taxonomy Import | 2025-06-05 | N/A | 6.1 MEDIUM |
The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-2654 | 1 Radiustheme | 4 Classified Listing, Classified Listing Store & Membership, Classima and 1 more | 2025-06-05 | N/A | 6.1 MEDIUM |
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting | |||||
CVE-2024-22548 | 1 Flycms Project | 1 Flycms | 2025-06-05 | N/A | 5.4 MEDIUM |
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. | |||||
CVE-2024-22496 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-05 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. | |||||
CVE-2024-22491 | 1 Beetl-bbs Project | 1 Beetl-bbs | 2025-06-05 | N/A | 5.4 MEDIUM |
A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter. | |||||
CVE-2024-22075 | 1 Firefly-iii | 1 Firefly Iii | 2025-06-05 | N/A | 6.1 MEDIUM |
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. |