Export limit exceeded: 45689 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45689 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59415 | 1 Frappe | 3 Frappe, Frappe Lms, Learning | 2025-10-08 | 4.6 Medium |
| Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. | ||||
| CVE-2025-57452 | 2 Oppo, Realme | 2 Coloros, Clone Phone | 2025-10-08 | 6.1 Medium |
| In realme BackupRestore app v15.1.12_2810c08_250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB intents. | ||||
| CVE-2024-36453 | 1 Webmin | 2 Usermin, Webmin | 2025-10-08 | 6.1 Medium |
| Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed. | ||||
| CVE-2025-52653 | 1 Hcltech | 1 Dryice Myxalytics | 2025-10-08 | 7.6 High |
| HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access. | ||||
| CVE-2025-61599 | 1 Emlog | 1 Emlog | 2025-10-08 | 5.4 Medium |
| Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on the server and gets executed in the browser of any user, including administrators, when they click on the malicious post to view it. This issue does not currently have a fix. | ||||
| CVE-2025-60448 | 2 Emlog, Emlog Pro Project | 2 Emlog, Emlog Pro | 2025-10-08 | 6.1 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed. | ||||
| CVE-2025-50938 | 1 Hustoj | 1 Hustoj | 2025-10-07 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php. | ||||
| CVE-2025-26791 | 2 Cure53, Redhat | 6 Dompurify, Ansible Automation Platform, Network Observ Optr and 3 more | 2025-10-07 | 4.5 Medium |
| DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). | ||||
| CVE-2025-0706 | 1 Joeybling | 1 Bootplus | 2025-10-07 | 2.4 Low |
| A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2025-11283 | 1 Frappe | 2 Frappe Lms, Learning | 2025-10-07 | 2.4 Low |
| A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them. | ||||
| CVE-2024-37629 | 1 Summernote | 1 Summernote | 2025-10-07 | 6.1 Medium |
| SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. | ||||
| CVE-2025-57692 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-10-07 | 6.8 Medium |
| PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser. | ||||
| CVE-2025-57292 | 2 Doist, Todoist | 2 Todoist, Todoist | 2025-10-07 | 6.1 Medium |
| Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata. | ||||
| CVE-2023-23313 | 1 Draytek | 182 Vigor1000b, Vigor1000b Firmware, Vigor130 and 179 more | 2025-10-07 | 6.1 Medium |
| Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. | ||||
| CVE-2025-11027 | 2 Givanz, Vvveb | 2 Vvveb, Vvveb | 2025-10-07 | 2.4 Low |
| A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release." | ||||
| CVE-2025-58385 | 1 Doxense | 1 Watchdoc | 2025-10-07 | 7.1 High |
| In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data). | ||||
| CVE-2025-61087 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-10-07 | 6.1 Medium |
| SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section. | ||||
| CVE-2025-60782 | 1 Iqbolshoh | 1 Php Education Management | 2025-10-07 | 5.4 Medium |
| PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Titlefield during topic creation or updates. | ||||
| CVE-2025-29192 | 1 Flowiseai | 1 Flowise | 2025-10-07 | 8.2 High |
| Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log. | ||||
| CVE-2025-50538 | 1 Flowiseai | 1 Flowise | 2025-10-07 | 8.2 High |
| Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log. | ||||