Total
37812 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6301 | 1 Anujk305 | 1 Notice Board System | 2025-06-26 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /admin/manage-notices.php of the component Add Notice. The manipulation of the argument Title/Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5209 | 1 Ivorysearch | 1 Ivory Search | 2025-06-26 | N/A | 4.8 MEDIUM |
| The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2025-6345 | 1 Rems | 1 My Food Recipe | 2025-06-26 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11847 | 1 Wp Svg Upload Project | 1 Wp Svg Upload | 2025-06-25 | N/A | 4.8 MEDIUM |
| The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. | |||||
| CVE-2025-45055 | 1 Silverpeas | 1 Silverpeas | 2025-06-25 | N/A | 5.4 MEDIUM |
| Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attackers to escalate privileges by creating a new administrator account. The vulnerability arises from insufficient sanitization of SVG files and weak CSRF protections. | |||||
| CVE-2025-46041 | 1 Anchorcms | 1 Anchor Cms | 2025-06-25 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add). | |||||
| CVE-2025-52877 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 4.8 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible | |||||
| CVE-2025-52876 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible | |||||
| CVE-2025-52875 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible | |||||
| CVE-2025-52879 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 4.8 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible | |||||
| CVE-2025-6473 | 1 Fabian | 1 School Fees Payment System | 2025-06-25 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /fees.php. The manipulation of the argument transcation_remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6477 | 1 Razormist | 1 Student Result Management System | 2025-06-25 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/admin/system of the component System Settings Page. The manipulation of the argument School Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-40124 | 1 Pydio | 1 Pydio | 2025-06-25 | N/A | 5.4 MEDIUM |
| Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature. | |||||
| CVE-2025-48958 | 1 Froxlor | 1 Froxlor | 2025-06-25 | N/A | 5.5 MEDIUM |
| Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue. | |||||
| CVE-2025-4415 | 1 Matomo | 1 Piwik Pro | 2025-06-25 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2. | |||||
| CVE-2025-45754 | 1 Seeddms | 1 Seeddms | 2025-06-25 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name. | |||||
| CVE-2025-45880 | 1 Miliaris | 1 Amygdala | 2025-06-24 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. | |||||
| CVE-2025-45878 | 1 Miliaris | 1 Amygdala | 2025-06-24 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. | |||||
| CVE-2024-11694 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-06-24 | N/A | 6.1 MEDIUM |
| Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18. | |||||
| CVE-2024-50637 | 1 Webkul | 1 Unopim | 2025-06-24 | N/A | 5.4 MEDIUM |
| UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies. | |||||