ReportizFlow
Filtered by vendor
Subscriptions
Total
44295 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28756 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-07 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. | ||||
| CVE-2026-28703 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-07 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | ||||
| CVE-2026-3879 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-07 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | ||||
| CVE-2026-3880 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-07 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. | ||||
| CVE-2026-4107 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-07 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. | ||||
| CVE-2026-4108 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-07 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. | ||||
| CVE-2026-27655 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-07 | 7.3 High |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. | ||||
| CVE-2025-70128 | 1 Pluxml | 1 Pluxml | 2026-04-07 | 6.1 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using a <script> element. The injected payload is stored in the database and subsequently rendered in the Administration panel's "Comments" section when administrators review submitted comments. Importantly, the malicious script is not reflected in the public-facing comments interface, but only within the backend administration view. Alternatively, users of Administrator, Moderator, Manager roles can also directly input crafted payloads into existing comments. This makes the vulnerability a persistent XSS issue targeting administrative users. This affects /core/admin/comments.php, while CVE-2022-24585 affects /core/admin/comment.php, a uniquely distinct vulnerability. | ||||
| CVE-2008-3511 | 1 Softbizscripts | 1 Image Gallery Script | 2026-04-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6124 | 1 Softbizscripts | 1 Freelancers Script | 2026-04-06 | N/A |
| Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. | ||||
| CVE-2025-55618 | 1 Hyundai | 1 Navigation | 2026-04-06 | 7.3 High |
| In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered. | ||||
| CVE-2026-27255 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-04-06 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-54123 | 1 Backdropcms | 1 Backdrop Cms | 2026-04-06 | 6.1 Medium |
| Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format. | ||||
| CVE-2026-27257 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-04-06 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27256 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-04-06 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27254 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-04-06 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27253 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-04-06 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27252 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-04-06 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27251 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-04-06 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2026-27250 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-04-06 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||