ReportizFlow
Filtered by vendor
Subscriptions
Total
411 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52654 | 1 Hcltech | 1 Dryice Myxalytics | 2025-10-08 | 4.6 Medium |
| A vulnerability in HCL HCL MyXalytics allows HTML InjectionThis issue affects HCL MyXalytics: 6.6. | ||||
| CVE-2025-11241 | 2 Wordpress, Yoast | 2 Wordpress, Yoast Seo | 2025-10-06 | 6.4 Medium |
| The Yoast SEO Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 25.7 to 25.9 due to a flawed regex used to remove an attribute in post content, which can be abused to inject arbitrary HTML attributes, including JavaScript event handlers. This vulnerability allows a user with Contributor access or higher to create a post containing a malicious JavaScript payload. | ||||
| CVE-2014-2353 | 1 Cogentdatahub | 1 Cogent Datahub | 2025-10-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2025-10128 | 1 Wordpress | 1 Wordpress | 2025-10-02 | 6.4 Medium |
| The Eulerpool Research Systems plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aaq' shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-58054 | 1 Discourse | 1 Discourse | 2025-10-02 | 3.5 Low |
| Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1. | ||||
| CVE-2025-61583 | 1 Teamspeak3 Manager Project | 1 Ts3 Manager | 2025-10-02 | 4.3 Medium |
| TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2. | ||||
| CVE-2025-57730 | 1 Jetbrains | 1 Intellij Idea | 2025-09-30 | 5.2 Medium |
| In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature | ||||
| CVE-2025-8029 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-09-30 | 8.1 High |
| Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | ||||
| CVE-2025-1997 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-09-29 | 5.4 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | ||||
| CVE-2025-60100 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2025-09-29 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore allows Code Injection. This issue affects XStore: from n/a through 9.5.3. | ||||
| CVE-2023-49453 | 2 Dedecms, Racktables Project | 2 Dedecms, Racktables | 2025-09-29 | 6.1 Medium |
| Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php. | ||||
| CVE-2023-4663 | 1 Adobe | 1 Connect | 2025-09-24 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS.This issue affects Saphira Connect: before 9. | ||||
| CVE-2025-57928 | 2 Strategy11, Wordpress | 2 Awp Classifieds, Wordpress | 2025-09-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds allows Code Injection. This issue affects AWP Classifieds: from n/a through 4.3.5. | ||||
| CVE-2025-30210 | 1 Usebruno | 1 Bruno | 2025-09-23 | 6.1 Medium |
| Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content Security Policy restrictions, allowed any valid HTML text containing inline script to get executed on hovering over the respective Environment's name. This vulnerability's attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user—specifically, downloading and opening an externally provided malicious Bruno or Postman collection export and the user hovers on the environment name. This vulnerability is fixed in 1.39.1. | ||||
| CVE-2025-59573 | 2 Cozythemes, Wordpress | 2 Cozy Blocks, Wordpress | 2025-09-23 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CozyThemes Cozy Blocks allows Code Injection. This issue affects Cozy Blocks: from n/a through 2.1.29. | ||||
| CVE-2025-54589 | 1 9001 | 1 Copyparty | 2025-09-22 | 6.3 Medium |
| Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a `<script>` block without proper escaping, allowing for reflected Cross-Site Scripting (XSS) and can be exploited against both authenticated and unauthenticated users. This is fixed in version 1.18.7. | ||||
| CVE-2025-32027 | 1 Yiiframework | 1 Yii | 2025-09-17 | 6.1 Medium |
| Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher. | ||||
| CVE-2025-10125 | 2 Strangerstudios, Wordpress | 2 Memberlite Shortcodes, Wordpress | 2025-09-17 | 6.4 Medium |
| The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'row' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2010 | 1 Tebilisim | 1 V5 | 2025-09-16 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS.This issue affects V5: before 6.2. | ||||
| CVE-2023-35006 | 1 Ibm | 1 Security Qradar Edr | 2025-09-15 | 5.4 Medium |
| IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||