Total: 44932 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2141 | 1 Ibm | 7 3948-ved, 3948-ved Firmware, 3948-vef and 4 more | 2025-09-30 | 6.1 Medium |
| IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-53500 | 2 Malvineous, Mediawiki | 2 Masseditregex, Mediawiki | 2025-09-30 | 5.6 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MassEditRegex Extension allows Stored XSS. This issue affects Mediawiki - MassEditRegex Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||
| CVE-2025-32999 | 1 Appleple | 1 A-blog Cms | 2025-09-30 | 5.4 Medium |
| Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product. | ||||
| CVE-2024-35591 | 1 Zoneland | 1 O2oa | 2025-09-30 | 5.4 Medium |
| An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2023-3144 | 1 Razormist | 1 Online Discussion Forum Site | 2025-09-30 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231013 was assigned to this vulnerability. | ||||
| CVE-2023-3143 | 1 Razormist | 1 Online Discussion Forum Site | 2025-09-30 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231012. | ||||
| CVE-2024-13080 | 1 Phpgurukul | 1 Land Record System | 2025-09-30 | 3.5 Low |
| A vulnerability was found in PHPGurukul Land Record System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/aboutus.php. The manipulation of the argument Page Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11078 | 2 Anisha, Code-projects | 2 Job Recruitment, Job Recruitment | 2025-09-30 | 3.5 Low |
| A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-2826 | 1 Class Scheduling System Project | 1 Class Scheduling System | 2025-09-30 | 3.5 Low |
| A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612. | ||||
| CVE-2023-3986 | 2 Oretnom23, Simple Online Mens Salon Management System Project | 2 Simple Online Men's Salon Management System, Simple Online Mens Salon Management System | 2025-09-30 | 2.4 Low |
| A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607. | ||||
| CVE-2024-31914 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2025-09-30 | 6.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45031 | 1 Apache | 1 Syncope | 2025-09-30 | 6.1 Medium |
| When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser when editing “Personal Information” or “User Requests”: such payloads would trigger for administrators in Syncope Console, thus enabling session hijacking. Users are recommended to upgrade to version 3.0.9, which fixes this issue. | ||||
| CVE-2024-7218 | 2 Oretnom23, Sourcecodester | 2 School Log Management System, School Log Management System | 2025-09-30 | 3.5 Low |
| A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2025-55998 | 1 Mezereon | 1 Smart Search And Filter | 2025-09-29 | 8.1 High |
| A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into several filter parameters. | ||||
| CVE-2024-57601 | 1 Easyappointments | 1 Easyappointments | 2025-09-29 | 6.1 Medium |
| Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter. | ||||
| CVE-2024-51229 | 1 Pb-cms Project | 1 Pb-cms | 2025-09-29 | 8.8 High |
| Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function. | ||||
| CVE-2024-45962 | 1 Octobercms | 1 October | 2025-09-29 | 4.7 Medium |
| October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target. | ||||
| CVE-2023-49453 | 2 Dedecms, Racktables Project | 2 Dedecms, Racktables | 2025-09-29 | 6.1 Medium |
| Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php. | ||||
| CVE-2023-48866 | 1 Grocy Project | 1 Grocy | 2025-09-29 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies. | ||||
| CVE-2023-48200 | 1 Grocy Project | 1 Grocy | 2025-09-29 | 5.4 Medium |
| Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component. | ||||