Total
37789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5291 | 1 Averta | 1 Master Slider | 2025-07-02 | N/A | 6.4 MEDIUM |
| The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-4955 | 1 Amauri | 1 Tarteaucitron.io | 2025-07-02 | N/A | 4.7 MEDIUM |
| The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks. | |||||
| CVE-2025-45661 | 1 Heavenspell | 1 Minitcg | 2025-07-02 | N/A | 5.9 MEDIUM |
| A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute abritrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php. | |||||
| CVE-2025-2714 | 1 Joomlaux | 1 Jux Real Estate | 2025-07-02 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /extensions/realestate/index.php/agents/agent-register/addagent. The manipulation of the argument plan_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13205 | 1 Kurniaramadhan | 1 E-commerce-php | 2025-07-02 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-12893 | 1 Portabilis | 1 I-educar | 2025-07-02 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5034 | 1 Joomunited | 1 Wp File Download | 2025-07-02 | N/A | 7.1 HIGH |
| The wp-file-download WordPress plugin before 6.2.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2025-46178 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-07-02 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement. | |||||
| CVE-2025-0513 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-07-02 | N/A | 5.4 MEDIUM |
| In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message. | |||||
| CVE-2025-6613 | 1 Anujk305 | 1 Hospital Management System | 2025-07-02 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-44091 | 1 Yangyouwang | 1 Crud | 2025-07-02 | N/A | 5.4 MEDIUM |
| yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function. | |||||
| CVE-2025-46611 | 1 Artec-it | 1 Ema | 2025-07-02 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script. | |||||
| CVE-2025-32794 | 1 Open-emr | 1 Openemr | 2025-07-02 | N/A | 7.6 HIGH |
| OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient's encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue. | |||||
| CVE-2025-43860 | 1 Open-emr | 1 Openemr | 2025-07-02 | N/A | 7.6 HIGH |
| OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue. | |||||
| CVE-2021-36875 | 1 Stylemixthemes | 1 Ulisting | 2025-07-01 | 3.5 LOW | 5.9 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5. | |||||
| CVE-2025-27412 | 1 Redaxo | 1 Redaxo | 2025-07-01 | N/A | 6.1 MEDIUM |
| REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3. | |||||
| CVE-2025-26841 | 1 Wpeverest | 1 Everest Forms | 2025-07-01 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. | |||||
| CVE-2025-6694 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The manipulation of the argument Insira a nova unidade leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6849 | 1 Fabianros | 1 Simple Forum | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in code-projects Simple Forum 1.0. Affected is an unknown function of the file /forum_edit1.php. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6695 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||