ReportizFlow
Filtered by vendor
Subscriptions
Total
38399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58596 | 2 Mailoptin, Wordpress | 2 Mailoptin, Wordpress | 2025-09-04 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0. | ||||
| CVE-2025-58593 | 2 Themeisle, Wordpress | 2 Orbit Fox, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0. | ||||
| CVE-2024-13071 | 1 Akinsoft | 1 E-mutabakat | 2025-09-04 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS).This issue affects e-Mutabakat: from 2.02.05 before v2.02.06. | ||||
| CVE-2025-2694 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-09-04 | 4.8 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-20330 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2025-09-04 | 6.1 Medium |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2025-20280 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-09-04 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials. | ||||
| CVE-2025-9923 | 1 Campcodes | 1 Sales And Inventory System | 2025-09-04 | 4.3 Medium |
| A flaw has been found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /index.php. Executing manipulation of the argument page can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-9922 | 1 Campcodes | 1 Sales And Inventory System | 2025-09-04 | 4.3 Medium |
| A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-45805 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-09-04 | 7.6 High |
| In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment. | ||||
| CVE-2025-58614 | 2 Tooltipy, Wordpress | 2 Tooltipy, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy allows Stored XSS. This issue affects Tooltipy: from n/a through 5.5.6. | ||||
| CVE-2025-58626 | 2 Rumbletalk, Wordpress | 2 Live Group Chat Plugin, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RumbleTalk RumbleTalk Live Group Chat allows Stored XSS. This issue affects RumbleTalk Live Group Chat: from n/a through 6.3.5. | ||||
| CVE-2025-58624 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Exchange Rates allows Stored XSS. This issue affects Exchange Rates: from n/a through 1.2.5. | ||||
| CVE-2025-20328 | 1 Cisco | 1 Webex Meetings | 2025-09-04 | 5.4 Medium |
| A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user-supplied input to the user profile component of Cisco Webex Meetings. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user. | ||||
| CVE-2025-55944 | 2025-09-04 | 6.1 Medium | ||
| Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users. | ||||
| CVE-2025-56761 | 1 Usememos | 1 Memos | 2025-09-04 | 5.4 Medium |
| Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XSS is viewed by an admin. | ||||
| CVE-2025-58610 | 2 Wordpress, Wpchill | 2 Wordpress, Gallery Photoblocks | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks allows Stored XSS. This issue affects Gallery PhotoBlocks: from n/a through 1.3.1. | ||||
| CVE-2025-58640 | 2 Matrixaddons, Wordpress | 2 Document Engine Plugin, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Document Engine allows Stored XSS. This issue affects Document Engine: from n/a through 1.2. | ||||
| CVE-2025-58618 | 2 Jonathanjernigan, Wordpress | 2 Pie Calendar, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar allows DOM-Based XSS. This issue affects Pie Calendar: from n/a through 1.2.8. | ||||
| CVE-2025-58621 | 2 Amuse Labs, Wordpress | 2 Puzzleme Plugin, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amuse Labs PuzzleMe for WordPress allows Stored XSS. This issue affects PuzzleMe for WordPress: from n/a through 1.2.0. | ||||
| CVE-2025-3760 | 1 Liferay | 2 Dxp, Portal | 2025-09-04 | N/A |
| A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page. | ||||