Search Results (47293 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37629 1 Summernote 1 Summernote 2025-10-07 6.1 Medium
SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function.
CVE-2025-57692 1 Dotnetfoundation 1 Piranha Cms 2025-10-07 6.8 Medium
PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.
CVE-2025-57292 2 Doist, Todoist 2 Todoist, Todoist 2025-10-07 6.1 Medium
Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.
CVE-2023-23313 1 Draytek 182 Vigor1000b, Vigor1000b Firmware, Vigor130 and 179 more 2025-10-07 6.1 Medium
Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.
CVE-2025-11027 2 Givanz, Vvveb 2 Vvveb, Vvveb 2025-10-07 2.4 Low
A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."
CVE-2025-58385 1 Doxense 1 Watchdoc 2025-10-07 7.1 High
In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data).
CVE-2025-61087 2 Mayurik, Sourcecodester 2 Pet Grooming Management Software, Pet Grooming Management Software 2025-10-07 6.1 Medium
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.
CVE-2025-60782 1 Iqbolshoh 1 Php Education Management 2025-10-07 5.4 Medium
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Titlefield during topic creation or updates.
CVE-2025-29192 1 Flowiseai 1 Flowise 2025-10-07 8.2 High
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.
CVE-2025-50538 1 Flowiseai 1 Flowise 2025-10-07 8.2 High
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
CVE-2025-60450 1 Metinfo 1 Metinfo 2025-10-07 6.1 Medium
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed.
CVE-2025-60451 1 Metinfo 1 Metinfo 2025-10-07 6.1 Medium
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed.
CVE-2025-60452 1 Metinfo 1 Metinfo 2025-10-07 6.1 Medium
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users.
CVE-2025-60453 1 Metinfo 1 Metinfo 2025-10-07 6.1 Medium
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users.
CVE-2025-60454 1 Metinfo 1 Metinfo 2025-10-07 6.1 Medium
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users.
CVE-2025-28016 1 Phpgurukul 2 User Registration \& Login And User Management System, User Registration And Login And User Management System 2025-10-07 4.8 Medium
A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.
CVE-2024-1228 2 Eurosoft, Eurosoftsp.zo.o 2 Przychodnia, Eurosoft Przychodina 2025-10-07 9.8 Critical
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed).
CVE-2025-40675 1 Webkul 1 Bagisto 2025-10-06 6.1 Medium
A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
CVE-2014-2370 1 Omron 6 Ns10 Hmi Terminal, Ns12 Hmi Terminal, Ns15 Hmi Terminal and 3 more 2025-10-06 N/A
Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
CVE-2025-49461 1 Zoom 8 Meeting Software Development Kit, Rooms, Rooms Controller and 5 more 2025-10-06 4.3 Medium
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.