ReportizFlow
Filtered by vendor
Subscriptions
Total
44773 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70958 | 2 Intelliants, Subrion | 2 Subrion Cms, Cms | 2026-02-11 | 6.1 Medium |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters. | ||||
| CVE-2025-70959 | 1 Tendenci | 2 Cms, Tendenci | 2026-02-11 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | ||||
| CVE-2025-70960 | 1 Tendenci | 2 Cms, Tendenci | 2026-02-11 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | ||||
| CVE-2025-70545 | 1 Belden | 3 Ont 2k05x Router, Ppc 2k05x, Ppc 2k05x Firmware | 2026-02-11 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed. | ||||
| CVE-2023-36877 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Oozie Spoofing Vulnerability | ||||
| CVE-2023-35394 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.6 Medium |
| Azure HDInsight Jupyter Notebook Spoofing Vulnerability | ||||
| CVE-2023-36881 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Ambari Spoofing Vulnerability | ||||
| CVE-2023-38188 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Hadoop Spoofing Vulnerability | ||||
| CVE-2023-23408 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Ambari Spoofing Vulnerability | ||||
| CVE-2023-35393 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Hive Spoofing Vulnerability | ||||
| CVE-2025-67855 | 1 Moodle | 1 Moodle | 2026-02-11 | 5.4 Medium |
| A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser. | ||||
| CVE-2025-65923 | 1 Frappe | 1 Erpnext | 2026-02-11 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the affected record is viewed by a user within the ERPNext web interface. This exposure may allow an attacker to compromise user sessions or perform unauthorized actions under the context of a victim's account. | ||||
| CVE-2025-69848 | 1 Netbox | 1 Netbox | 2026-02-11 | 5.4 Medium |
| NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user. | ||||
| CVE-2025-70849 | 1 Stefanprodan | 1 Podinfo | 2026-02-11 | 6.1 Medium |
| Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS). | ||||
| CVE-2025-47705 | 1 Iframe Remove Filter Project | 1 Iframe Remove Filter | 2026-02-11 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 2.0.0 before 2.0.5, from 7.X-1.0 through 7.X-1.5, from 1.0 through 1.2. | ||||
| CVE-2025-59896 | 1 Flexense | 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more | 2026-02-11 | 5.4 Medium |
| Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_command?sid=', affecting the 'command_name' parameter. | ||||
| CVE-2025-59897 | 1 Flexense | 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more | 2026-02-11 | 5.4 Medium |
| Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/edit_command?sid=', affecting the 'source_dir' and ‘dest_dir’ parameters. | ||||
| CVE-2025-59898 | 1 Flexense | 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more | 2026-02-11 | 5.4 Medium |
| Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_exclude_dir?sid=', affecting the 'exclude_dir' parameter. | ||||
| CVE-2025-59899 | 1 Flexense | 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more | 2026-02-11 | 5.4 Medium |
| Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/server_options?sid=', affecting the 'tasks_logs_dir', 'errors_logs_dir', 'error_notifications_address', 'status_notifications_address', and 'status_reports_address' parameters. | ||||
| CVE-2025-59900 | 1 Flexense | 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more | 2026-02-11 | 5.4 Medium |
| Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/server_options?sid=', affecting the 'tasks_logs_dir', 'errors_logs_dir', 'error_notifications_address', 'status_notifications_address', and 'status_reports_address' parameters. | ||||