ReportizFlow
Filtered by vendor
Subscriptions
Total
42579 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36988 | 1 Guidoneele | 1 Pdw File Browser | 2026-01-29 | 5.4 Medium |
| PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser. | ||||
| CVE-2026-1399 | 1 Wordpress | 1 Wordpress | 2026-01-29 | 4.4 Medium |
| The WP Google Ad Manager Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-14865 | 2 Wordpress, Wpchill | 2 Wordpress, Passster | 2026-01-29 | 6.4 Medium |
| The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_protector' shortcode in all versions up to, and including, 4.2.24. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 4.2.21. | ||||
| CVE-2025-68533 | 2 Hasthemes, Wordpress | 2 Wc Builder, Wordpress | 2026-01-29 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through <= 1.2.0. | ||||
| CVE-2025-54495 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-54157 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-53854 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-53707 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-53516 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-46270 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-44000 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-36556 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-54861 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-54853 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-54852 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-54817 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability. | ||||
| CVE-2025-54814 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-54778 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-58080 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-57881 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2026-01-29 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||