ReportizFlow
Filtered by vendor
Subscriptions
Total
44986 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50699 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2025-07-08 | 6.1 Medium |
| PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in odms/admin/view-user-queries.php. | ||||
| CVE-2025-52896 | 1 Frappe | 1 Frappe | 2025-07-08 | 5.4 Medium |
| Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds for this issue other than upgrading. | ||||
| CVE-2025-6212 | 1 Themefic | 1 Ultimate Addons For Contact Form 7 | 2025-07-08 | 7.2 High |
| The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and output escaping. The unfiltered field names are stored alongside the sanitized values. Later, the admin-side AJAX endpoint ajax_get_table_data() returns those raw names as JSON column headers, and the client-side DataTables renderer injects them directly into the DOM without any HTML encoding. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-40846 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 4.8 Medium |
| In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. | ||||
| CVE-2022-40844 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 5.4 Medium |
| In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body. | ||||
| CVE-2025-40733 | 1 Code-projects | 1 Daily Expense Manager | 2025-07-07 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php. | ||||
| CVE-2025-40734 | 1 Code-projects | 1 Daily Expense Manager | 2025-07-07 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php. | ||||
| CVE-2025-25929 | 1 Openmrs | 1 Openmrs | 2025-07-07 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter. | ||||
| CVE-2024-53384 | 1 Egoist | 1 Tsup | 2025-07-07 | 5.1 Medium |
| A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components | ||||
| CVE-2024-53387 | 1 Umeditor Project | 1 Umeditor | 2025-07-07 | 8.8 High |
| A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element. | ||||
| CVE-2024-53388 | 1 Mavo | 1 Mavo | 2025-07-07 | 8.8 High |
| A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element. | ||||
| CVE-2024-40088 | 2 Vilo, Viloliving | 3 5 Mesh Wifi System, Vilo 5, Vilo 5 Firmware | 2025-07-07 | 5.3 Medium |
| A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request. | ||||
| CVE-2024-48233 | 1 Mipjz Project | 1 Mipjz | 2025-07-07 | 4.8 Medium |
| mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter. | ||||
| CVE-2021-3186 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-07 | 5.4 Medium |
| A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter. | ||||
| CVE-2024-51091 | 1 Seajs | 1 Seajs | 2025-07-07 | 5.4 Medium |
| Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package | ||||
| CVE-2024-50983 | 1 Getflightpath | 1 Flightpath | 2025-07-07 | 6.1 Medium |
| FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or Create/Edit Student User sections. | ||||
| CVE-2024-6165 | 1 Wanotifier | 1 Wanotifier | 2025-07-07 | 4.8 Medium |
| The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-43292 | 2 Rems, Sourcecodester | 2 My Food Recipe, My Food Recipe Using Php | 2025-07-07 | 6.1 Medium |
| Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters. | ||||
| CVE-2024-13245 | 1 Cksource | 1 Ckeditor 4 | 2025-07-07 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1. | ||||
| CVE-2019-10219 | 3 Netapp, Oracle, Redhat | 199 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 196 more | 2025-07-07 | 6.1 Medium |
| A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | ||||