ReportizFlow
Filtered by vendor
Subscriptions
Total
44986 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36580 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | 6.1 Medium |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection | ||||
| CVE-2025-36577 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | 6.1 Medium |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2025-46825 | 1 Kanboard | 1 Kanboard | 2025-07-11 | 5.4 Medium |
| Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue. | ||||
| CVE-2025-5125 | 1 Howardehrenberg | 1 Custom Post Carousels With Owl | 2025-07-11 | 4.8 Medium |
| The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it. | ||||
| CVE-2025-22249 | 1 Vmware | 3 Aria Automation, Cloud Foundation, Telco Cloud Platform | 2025-07-11 | 8.2 High |
| VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL. | ||||
| CVE-2025-6676 | 1 Gbyte | 1 Simple Xml Sitemap | 2025-07-11 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2. | ||||
| CVE-2025-6677 | 1 Paragraphs Table Project | 1 Paragraphs Table | 2025-07-11 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5. | ||||
| CVE-2024-48059 | 1 Gaizhenbiao | 2 Chuanhuchatgpt, Gaizhenbiao\/chuanhuchatgpt | 2025-07-11 | 6.1 Medium |
| gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's browser. | ||||
| CVE-2025-6347 | 1 Fabian | 1 Responsive Blog Site | 2025-07-11 | 2.4 Low |
| A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6353 | 1 Fabian | 1 Responsive Blog Site | 2025-07-11 | 3.5 Low |
| A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-57240 | 1 Apryse | 1 Webviewer | 2025-07-11 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file. | ||||
| CVE-2025-53525 | 1 Wegia | 1 Wegia | 2025-07-11 | 6.1 Medium |
| WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the profile_familiar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_dependente parameter. This vulnerability is fixed in 3.4.3. | ||||
| CVE-2025-53526 | 1 Wegia | 1 Wegia | 2025-07-11 | 6.1 Medium |
| WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php. After the memo was submitted, the vulnerability was confirmed by accessing listar_memorandos_antigos.php. Upon loading this page, the injected script was executed in the browser. This vulnerability is fixed in 3.4.3. | ||||
| CVE-2024-44081 | 2 8x8, Jitsi | 2 Jitsi Meet, Meet | 2025-07-10 | 9.8 Critical |
| In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format. | ||||
| CVE-2024-44080 | 2 8x8, Jitsi | 2 Jitsi Meet, Meet | 2025-07-10 | 7.5 High |
| In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format. | ||||
| CVE-2024-35236 | 2 Advplyr, Audiobookshelf | 2 Audiobookshelf, Audiobookshelf | 2025-07-10 | 4.8 Medium |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability. | ||||
| CVE-2023-48082 | 1 Nagios | 2 Nagios Xi, Xi | 2025-07-10 | 9.1 Critical |
| Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. | ||||
| CVE-2025-27099 | 1 Enalean | 1 Tuleap | 2025-07-10 | 4.8 Medium |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vulnerability to force other tracker administrators to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740067916 and Tuleap Enterprise Edition 16.4-5 and 16.3-10. | ||||
| CVE-2024-38208 | 2 Google, Microsoft | 2 Android, Edge | 2025-07-10 | 6.1 Medium |
| Microsoft Edge for Android Spoofing Vulnerability | ||||
| CVE-2024-38166 | 1 Microsoft | 1 Dynamics Crm Service Portal Web Resource | 2025-07-10 | 8.2 High |
| An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. | ||||