Export limit exceeded: 364938 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-10411 2 Emiloi, Itsourcecode 2 E-logbook With Health Monitoring System For Covid-19, E-logbook With Health Monitoring System For Covid-19 2025-09-18 4.3 Medium
A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/check_profile.php of the component POST Request Handler. The manipulation of the argument profile_id results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2024-0083 2 Microsoft, Nvidia 2 Windows, Chatrtx 2025-09-18 6.5 Medium
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure.
CVE-2025-57538 1 Proxmox 1 Virtual Environment 2025-09-18 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment (PVE) 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view the affected configuration page. This can lead to arbitrary JavaScript execution.
CVE-2025-57539 1 Proxmox 2 Proxmox, Virtual Environment 2025-09-18 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. The payload is rendered unsafely in the Web UI and executed when viewed by other users, potentially leading to session hijacking or other attacks.
CVE-2025-10566 1 Campcodes 1 Grocery Sales And Inventory System 2025-09-18 4.3 Medium
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=users. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2025-56289 2 Code-projects, Fabian 2 Document Management System, Document Management System 2025-09-18 5.4 Medium
code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files.
CVE-2025-56280 1 Carmelo 1 Food Ordering Review System 2025-09-18 5.4 Medium
code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information.
CVE-2025-56276 1 Carmelo 1 Food Ordering Review System 2025-09-18 5.4 Medium
code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin views user information, resulting in the disclosure of the admin's cookie information.
CVE-2025-56697 1 Askar634 1 Computer Base Test 2025-09-18 6.1 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php.
CVE-2025-57117 1 Remyandrade 1 Employee Management System 2025-09-18 5.4 Medium
A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department.
CVE-2024-29154 1 Danielmiessler 1 Fabric 2025-09-18 7.4 High
danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText.
CVE-2024-28434 1 Twenty 1 Twenty 2025-09-18 7.6 High
The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.
CVE-2025-33008 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-09-18 5.4 Medium
IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-28157 1 Jenkins 1 Gitbucket 2025-09-18 8.0 High
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
CVE-2025-9656 1 Phpgurukul 1 Directory Management System 2025-09-18 4.3 Medium
A security vulnerability has been detected in PHPGurukul Directory Management System 2.0. This vulnerability affects unknown code of the file /admin/add-directory.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-59035 1 Cern 1 Indico 2025-09-17 4.6 Medium
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as soon as possible. As a workaround, only let trustworthy users create content on Indico. Note that a conference doing a Call for Abstracts actively invites external speakers (who the organizers may not know and thus cannot fully trust) to submit content, hence the need to update to a a fixed version ASAP in particular when using such workflows.
CVE-2024-26542 1 Bonitasoft 1 Bonita Web 2025-09-17 6.1 Medium
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.
CVE-2025-57540 1 Proxmox 1 Virtual Environment 2025-09-17 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page, enabling client-side attacks.
CVE-2025-5806 1 Jenkins 1 Gatling 2025-09-17 8 High
Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.
CVE-2025-32027 1 Yiiframework 1 Yii 2025-09-17 6.1 Medium
Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.