Export limit exceeded: 47444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47444 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-40598 1 Sonicwall 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more 2025-08-07 6.1 Medium
A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.
CVE-2025-45892 1 Opencart 1 Opencart 2025-08-07 6.1 Medium
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code
CVE-2025-45893 1 Opencart 1 Opencart 2025-08-07 6.1 Medium
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded JavaScript
CVE-2025-51398 1 Livehelperchat 2 Live Helper Chat, Livehelperchat 2025-08-07 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVE-2025-51403 1 Livehelperchat 2 Live Helper Chat, Livehelperchat 2025-08-07 6.5 Medium
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter.
CVE-2025-51401 1 Livehelperchat 2 Live Helper Chat, Livehelperchat 2025-08-07 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.
CVE-2025-51400 1 Livehelperchat 2 Live Helper Chat, Livehelperchat 2025-08-07 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
CVE-2025-51396 1 Livehelperchat 2 Live Helper Chat, Livehelperchat 2025-08-07 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.
CVE-2025-54597 1 Linuxserver 2 Heimdall, Heimdall Application Dashboard 2025-08-07 7.2 High
LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.
CVE-2022-20626 1 Cisco 1 Prime Access Registrar 2025-08-07 5.5 Medium
A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2025-52358 2 Vivaldi, Vivaldigroup 4 Icontrol+ Server, Icontrol\+ Server, Vivaldi Domotica Icontrol and 1 more 2025-08-06 6.3 Medium
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's browser session.
CVE-2025-44136 1 Maptiler 1 Tileserver Php 2025-08-06 9.8 Critical
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.
CVE-2025-0376 1 Gitlab 1 Gitlab 2025-08-06 8.7 High
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.
CVE-2025-8231 2 D-link, Dlink 3 Dir-890l, Dir-890l, Dir-890l Firmware 2025-08-06 6.8 Medium
A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-20257 1 Cisco 7 Asyncos, Secure Email Gateway C195, Secure Email Gateway C395 and 4 more 2025-08-06 4.8 Medium
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2025-36563 1 Alfasado 1 Powercms 2025-08-06 6.1 Medium
Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.
CVE-2025-41391 1 Alfasado 1 Powercms 2025-08-06 5.4 Medium
Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.
CVE-2025-50866 1 Vishalmathur 1 Cloudclassroom 2025-08-06 6.1 Medium
CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.
CVE-2025-5921 2 Brainstormforce, Wordpress 2 Sureforms, Wordpress 2025-08-06 5.8 Medium
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.
CVE-2025-8380 1 Campcodes 1 Online Hotel Reservation System 2025-08-06 3.5 Low
A vulnerability classified as problematic was found in Campcodes Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/add_query_account.php. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.