Total
37799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-44091 | 1 Yangyouwang | 1 Crud | 2025-07-02 | N/A | 5.4 MEDIUM |
| yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function. | |||||
| CVE-2025-46611 | 1 Artec-it | 1 Ema | 2025-07-02 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script. | |||||
| CVE-2025-32794 | 1 Open-emr | 1 Openemr | 2025-07-02 | N/A | 7.6 HIGH |
| OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient's encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue. | |||||
| CVE-2025-43860 | 1 Open-emr | 1 Openemr | 2025-07-02 | N/A | 7.6 HIGH |
| OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue. | |||||
| CVE-2021-36875 | 1 Stylemixthemes | 1 Ulisting | 2025-07-01 | 3.5 LOW | 5.9 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5. | |||||
| CVE-2025-27412 | 1 Redaxo | 1 Redaxo | 2025-07-01 | N/A | 6.1 MEDIUM |
| REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3. | |||||
| CVE-2025-26841 | 1 Wpeverest | 1 Everest Forms | 2025-07-01 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload. | |||||
| CVE-2025-6694 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The manipulation of the argument Insira a nova unidade leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6849 | 1 Fabianros | 1 Simple Forum | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in code-projects Simple Forum 1.0. Affected is an unknown function of the file /forum_edit1.php. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6695 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6288 | 2025-07-01 | N/A | 4.7 MEDIUM | ||
| The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2025-50367 | 1 Anujk305 | 1 Medical Card Generation System | 2025-07-01 | N/A | 6.1 MEDIUM |
| A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript. | |||||
| CVE-2024-52900 | 1 Ibm | 1 Cognos Analytics | 2025-07-01 | N/A | 6.4 MEDIUM |
| IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-6696 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cadastro de Atendio. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2025-22615. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6697 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6698 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5035 | 1 Firelightwp | 1 Firelight Lightbox | 2025-07-01 | N/A | 5.4 MEDIUM |
| The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks. | |||||
| CVE-2025-5093 | 1 Dfactory | 1 Responsive Lightbox | 2025-07-01 | N/A | 5.4 MEDIUM |
| The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2025-3745 | 1 Syedbalkhi | 1 Wp Lightbox 2 | 2025-07-01 | N/A | 6.3 MEDIUM |
| The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks. | |||||
| CVE-2025-5730 | 1 Ghozylab | 1 Contact Form | 2025-07-01 | N/A | 4.3 MEDIUM |
| The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | |||||