ReportizFlow
Filtered by vendor
Subscriptions
Total
38397 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57151 | 1 Phpgurukul | 1 Complaint Management System | 2025-09-04 | 8.8 High |
| phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. | ||||
| CVE-2025-57150 | 1 Phpgurukul | 1 Complaint Management System | 2025-09-04 | 7.2 High |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter. | ||||
| CVE-2025-41055 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/dialogs. | ||||
| CVE-2025-41056 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/hysontable. | ||||
| CVE-2025-41057 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/rich_text_editor. | ||||
| CVE-2025-41058 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/row_manager. | ||||
| CVE-2025-41059 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tablesorter. | ||||
| CVE-2025-41060 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tree. | ||||
| CVE-2025-41061 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/uploadify. | ||||
| CVE-2025-41062 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons. | ||||
| CVE-2025-41063 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db. | ||||
| CVE-2025-31476 | 2 Amauri, Tacjs Project | 2 Tarteaucitronjs, Tacjs | 2025-09-04 | 4.8 Medium |
| tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert(). Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript execution if a user clicked on a malicious link. An attacker with high privileges could insert a link exploiting an insecure URL scheme, leading to execution of arbitrary JavaScript code, theft of sensitive data through phishing attacks, or modification of the user interface behavior. This vulnerability is fixed in 1.20.1. | ||||
| CVE-2024-43184 | 1 Ibm | 1 Jazz Foundation | 2025-09-04 | 6.1 Medium |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-53277 | 1 Silverstripe | 1 Framework | 2025-09-04 | 5.4 Medium |
| Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-30148 | 1 Silverstripe | 1 Framework | 2025-09-04 | 5.4 Medium |
| Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23. | ||||
| CVE-2025-9796 | 1 Jeesite | 1 Jeesite | 2025-09-04 | 3.5 Low |
| A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended. | ||||
| CVE-2025-9738 | 1 Portabilis | 1 I-educar | 2025-09-04 | 3.5 Low |
| A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2024-45176 | 1 C-mor | 1 C-mor Video Surveillance | 2025-09-04 | 6.1 Medium |
| An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation. | ||||
| CVE-2024-45177 | 2 C-mor, Za-internet | 2 C-mor Video Surveillance, C-mor Video Surveillance | 2025-09-04 | 5.4 Medium |
| An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site scripting attack due to insufficient user input validation. | ||||
| CVE-2025-9773 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 4.3 Medium |
| A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used. | ||||