Export limit exceeded: 349416 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45790 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22854 | 1 Darktrace | 1 Threat Visualizer | 2025-07-11 | 6.1 Medium |
| DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form. | ||||
| CVE-2025-6234 | 1 Kibokolabs | 1 Hostel | 2025-07-11 | 6.1 Medium |
| The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-6236 | 1 Kibokolabs | 1 Hostel | 2025-07-11 | 4.8 Medium |
| The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-27693 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | 4.9 Medium |
| Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2024-52290 | 1 Lfedge | 1 Ekuiper | 2025-07-11 | 6.3 Medium |
| LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim's browser. Version 2.1.0 fixes the issue. | ||||
| CVE-2025-6778 | 1 Fabian | 1 Food Distributor Site | 2025-07-11 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/save_settings.php. The manipulation of the argument site_phone/site_email/address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6569 | 1 Fabian | 1 School Fees Payment System | 2025-07-11 | 4.3 Medium |
| A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument sname/contact/about/emailid/transcation_remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-36580 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | 6.1 Medium |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection | ||||
| CVE-2025-36577 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | 6.1 Medium |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2025-46825 | 1 Kanboard | 1 Kanboard | 2025-07-11 | 5.4 Medium |
| Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue. | ||||
| CVE-2025-5125 | 1 Howardehrenberg | 1 Custom Post Carousels With Owl | 2025-07-11 | 4.8 Medium |
| The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it. | ||||
| CVE-2025-22249 | 1 Vmware | 3 Aria Automation, Cloud Foundation, Telco Cloud Platform | 2025-07-11 | 8.2 High |
| VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL. | ||||
| CVE-2025-6676 | 1 Gbyte | 1 Simple Xml Sitemap | 2025-07-11 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2. | ||||
| CVE-2025-6677 | 1 Paragraphs Table Project | 1 Paragraphs Table | 2025-07-11 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5. | ||||
| CVE-2025-2765 | 1 Carlinkit | 2 Autokit, Cpc200-ccpa | 2025-07-11 | 8.8 High |
| CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349. | ||||
| CVE-2024-48059 | 1 Gaizhenbiao | 2 Chuanhuchatgpt, Gaizhenbiao\/chuanhuchatgpt | 2025-07-11 | 6.1 Medium |
| gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's browser. | ||||
| CVE-2025-6347 | 1 Fabian | 1 Responsive Blog Site | 2025-07-11 | 2.4 Low |
| A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6353 | 1 Fabian | 1 Responsive Blog Site | 2025-07-11 | 3.5 Low |
| A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-57240 | 1 Apryse | 1 Webviewer | 2025-07-10 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file. | ||||
| CVE-2025-53525 | 1 Wegia | 1 Wegia | 2025-07-10 | 6.1 Medium |
| WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the profile_familiar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_dependente parameter. This vulnerability is fixed in 3.4.3. | ||||