Total: 37789 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-52462 | | | 2025-07-03 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL. | |||||
CVE-2025-52842 | | | 2025-07-03 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Laundry on Linux, MacOS allows Account Takeover. This issue affects Laundry: 2.3.0. | |||||
CVE-2025-40722 | | | 2025-07-03 | N/A | N/A |
Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the replace parameter in /config.php/tags. | |||||
CVE-2025-40723 | | | 2025-07-03 | N/A | N/A |
Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the footer_text and announcement parameters in config.php. | |||||
CVE-2025-27447 | | | 2025-07-03 | N/A | 7.4 HIGH |
The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim’s browser when an authenticated administrator clicks the link. | |||||
CVE-2025-49032 | | | 2025-07-03 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks allows Stored XSS. This issue affects Gutenberg Blocks: from n/a through 3.3.1. | |||||
CVE-2024-33210 | 1 Flatpress | 1 Flatpress | 2025-07-03 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. | |||||
CVE-2024-45960 | 1 Tribalsystems | 1 Zenario | 2025-07-03 | N/A | 4.8 MEDIUM |
Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack. | |||||
CVE-2024-45964 | 1 Tribalsystems | 1 Zenario | 2025-07-03 | N/A | 4.8 MEDIUM |
Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field. | |||||
CVE-2024-46409 | 1 Seeddms | 1 Seeddms | 2025-07-03 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page. | |||||
CVE-2024-42901 | 1 Limesurvey | 1 Limesurvey | 2025-07-03 | N/A | 4.8 MEDIUM |
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. | |||||
CVE-2024-44085 | 1 Onlyoffice | 1 Onlyoffice | 2025-07-03 | N/A | 6.1 MEDIUM |
ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883. | |||||
CVE-2024-57599 | 1 Douco | 1 Douphp | 2025-07-03 | N/A | 4.8 MEDIUM |
Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php. | |||||
CVE-2024-54795 | 1 Eng | 1 Spagobi | 2025-07-03 | N/A | 5.4 MEDIUM |
SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function. | |||||
CVE-2024-33297 | 1 Microweber | 1 Microweber | 2025-07-03 | N/A | 4.7 MEDIUM |
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function. | |||||
CVE-2024-33298 | 1 Microweber | 1 Microweber | 2025-07-03 | N/A | 6.1 MEDIUM |
Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup. | |||||
CVE-2024-33299 | 1 Microweber | 1 Microweber | 2025-07-03 | N/A | 4.7 MEDIUM |
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users. | |||||
CVE-2024-53620 | 1 Spip | 1 Spip | 2025-07-03 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. | |||||
CVE-2024-55239 | 1 Portabilis | 1 I-educar | 2025-07-03 | N/A | 5.4 MEDIUM |
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows an attacker to craft malicious URLs with arbitrary JavaScript in the 'titulo_documento' parameter. | |||||
CVE-2025-49262 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-07-02 | N/A | 7.6 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shaonsina Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.6.1. |