ReportizFlow
Filtered by vendor
Subscriptions
Total
42543 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70958 | 2 Intelliants, Subrion | 2 Subrion Cms, Cms | 2026-02-11 | 6.1 Medium |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters. | ||||
| CVE-2025-70959 | 1 Tendenci | 2 Cms, Tendenci | 2026-02-11 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | ||||
| CVE-2025-70960 | 1 Tendenci | 2 Cms, Tendenci | 2026-02-11 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | ||||
| CVE-2025-70545 | 1 Belden | 3 Ont 2k05x Router, Ppc 2k05x, Ppc 2k05x Firmware | 2026-02-11 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed. | ||||
| CVE-2026-0946 | 2 Bordeaux-metropole, Drupal | 2 At Internet Smarttag, At Internet Smarttag | 2026-02-11 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1. | ||||
| CVE-2026-0947 | 2 Bordeaux-metropole, Drupal | 2 At Internet Piano Analytics, At Internet Piano Analytics | 2026-02-11 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS).This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1. | ||||
| CVE-2023-35394 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.6 Medium |
| Azure HDInsight Jupyter Notebook Spoofing Vulnerability | ||||
| CVE-2023-35393 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Hive Spoofing Vulnerability | ||||
| CVE-2023-36881 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Ambari Spoofing Vulnerability | ||||
| CVE-2023-38188 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Hadoop Spoofing Vulnerability | ||||
| CVE-2023-36877 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Oozie Spoofing Vulnerability | ||||
| CVE-2023-23408 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Ambari Spoofing Vulnerability | ||||
| CVE-2025-67855 | 1 Moodle | 1 Moodle | 2026-02-11 | 5.4 Medium |
| A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser. | ||||
| CVE-2025-65923 | 1 Frappe | 1 Erpnext | 2026-02-11 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the affected record is viewed by a user within the ERPNext web interface. This exposure may allow an attacker to compromise user sessions or perform unauthorized actions under the context of a victim's account. | ||||
| CVE-2025-69848 | 1 Netbox | 1 Netbox | 2026-02-11 | 5.4 Medium |
| NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user. | ||||
| CVE-2025-63057 | 2 Roxnor, Wordpress | 2 Wp Ultimate Review, Wordpress | 2026-02-11 | 8.2 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through <= 2.3.6. | ||||
| CVE-2026-1634 | 2 Alexdtn, Wordpress | 2 Subitem Al Slider, Wordpress | 2026-02-11 | 6.1 Medium |
| The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2026-1608 | 1 Wordpress | 1 Wordpress | 2026-02-11 | 6.4 Medium |
| The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-0555 | 2 Premmerce, Wordpress | 2 Premmerce, Wordpress | 2026-02-11 | 6.4 Medium |
| The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the `state` parameter. This makes it possible for authenticated attackers, with subscriber level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page (the Premmerce Wizard admin page). | ||||
| CVE-2026-1611 | 2 Jmrukkers, Wordpress | 2 Wikiloops Track Player, Wordpress | 2026-02-11 | 6.4 Medium |
| The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||