Total
39470 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-50858 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter. | |||||
| CVE-2025-30006 | 1 Xorcom | 1 Completepbx | 2025-09-24 | N/A | 6.1 MEDIUM |
| Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35 | |||||
| CVE-2023-2507 | 1 Clevertap | 1 Clevertap | 2025-09-24 | N/A | 9.3 CRITICAL |
| CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | |||||
| CVE-2025-53504 | 1 Group-office | 1 Group Office | 2025-09-24 | N/A | 5.4 MEDIUM |
| Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser. | |||||
| CVE-2025-25973 | 1 Yandaozi | 1 Ppress | 2025-09-23 | N/A | 6.5 MEDIUM |
| A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters. | |||||
| CVE-2025-50581 | 1 Mrcms | 1 Mrcms | 2025-09-23 | N/A | 4.8 MEDIUM |
| MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do. | |||||
| CVE-2025-59712 | 1 Snipeitapp | 1 Snipe-it | 2025-09-23 | N/A | 6.4 MEDIUM |
| Snipe-IT before 8.1.18 allows XSS. | |||||
| CVE-2025-59715 | 1 Smseagle | 1 Smseagle | 2025-09-23 | N/A | 4.8 MEDIUM |
| SMSEagle before 6.11 allows reflected XSS via a username or contact phone number. | |||||
| CVE-2025-59411 | 1 Cubecart | 1 Cubecart | 2025-09-23 | N/A | 5.4 MEDIUM |
| CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin receives an email containing that HTML. This indicates user input is not being escaped or sanitized before being output in email (and possibly when re-rendering the form), leading to Cross-Site Scripting / HTML injection risk in email clients or admin UI. This issue has been patched in version 6.5.11. | |||||
| CVE-2025-59412 | 1 Cubecart | 1 Cubecart | 2025-09-23 | N/A | 5.4 MEDIUM |
| CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. An attacker can submit HTML tags inside the review description field. Once the administrator approves the review, the injected HTML is rendered on the product page for all visitors. This could be used to redirect users to malicious websites or to display unwanted content. This issue has been patched in version 6.5.11. | |||||
| CVE-2024-51446 | 1 Siemens | 1 Polarion Alm | 2025-09-23 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploading specially crafted xml files that are later downloaded and viewed by other users of the application. | |||||
| CVE-2025-26514 | 1 Netapp | 1 Storagegrid | 2025-09-23 | N/A | 6.4 MEDIUM |
| StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but requires the attacker to know specific information about the target instance and then trick a privileged user into clicking a specially crafted link. | |||||
| CVE-2025-53692 | 2025-09-22 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4. | |||||
| CVE-2025-10181 | 2025-09-22 | N/A | 6.4 MEDIUM | ||
| The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-8079 | 2025-09-22 | N/A | 4.6 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.This issue affects Smart Trade E-Commerce: before 4.5.0.0.1. | |||||
| CVE-2025-57901 | 2025-09-22 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DAEXT Import Markdown allows Stored XSS. This issue affects Import Markdown: from n/a through 1.14. | |||||
| CVE-2025-57974 | 2025-09-22 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tuyennv TZ PlusGallery allows Stored XSS. This issue affects TZ PlusGallery: from n/a through 1.5.5. | |||||
| CVE-2025-53455 | 2025-09-22 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce allows Stored XSS. This issue affects CashBill.pl – Płatności WooCommerce: from n/a through 3.2.1. | |||||
| CVE-2025-57966 | 2025-09-22 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery Lightbox allows Stored XSS. This issue affects Gallery Lightbox: from n/a through 1.0.0.41. | |||||
| CVE-2025-57940 | 2025-09-22 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh Kumar Mukhiya Append extensions on Pages allows Stored XSS. This issue affects Append extensions on Pages: from n/a through 1.1.2. | |||||