Search Results (47249 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-36548 1 Wwbn 1 Avideo 2025-11-03 8.3 High
A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
CVE-2025-32731 1 Meddream 2 Pacs Premium, Pacs Server 2025-11-03 6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-30087 1 Bestpractical 1 Request Tracker 2025-11-03 7.2 High
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
CVE-2025-27679 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Badge Registration V-2023-005.
CVE-2025-27676 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002.
CVE-2025-27654 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017.
CVE-2025-27653 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012.
CVE-2025-27643 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 9.8 Critical
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006.
CVE-2025-27637 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016.
CVE-2025-26065 1 Intelbras 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more 2025-11-03 7.3 High
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network.
CVE-2025-26064 1 Intelbras 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more 2025-11-03 7.3 High
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device.
CVE-2024-56527 1 Tcpdf Project 1 Tcpdf 2025-11-03 7.5 High
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.
CVE-2024-56519 1 Tcpdf Project 1 Tcpdf 2025-11-03 7.5 High
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
CVE-2024-47093 1 Nagvis 1 Nagvis 2025-11-03 8.8 High
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS
CVE-2024-47090 1 Nagvis 1 Nagvis 2025-11-03 6.1 Medium
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS
CVE-2024-45699 1 Zabbix 1 Zabbix 2025-11-03 5.4 Medium
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
CVE-2024-43799 2 Redhat, Send Project 11 Discovery, Network Observ Optr, Openshift and 8 more 2025-11-03 5 Medium
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
CVE-2023-46287 1 Nagvis 1 Nagvis 2025-11-03 6.1 Medium
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.
CVE-2023-25727 1 Phpmyadmin 1 Phpmyadmin 2025-11-03 5.4 Medium
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
CVE-2022-24891 3 Netapp, Oracle, Owasp 4 Active Iq Unified Manager, Oncommand Workflow Automation, Weblogic Server and 1 more 2025-11-03 5.4 Medium
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.