Total: 44986 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3745 | 1 Syedbalkhi | 1 Wp Lightbox 2 | 2025-07-01 | 6.3 Medium |
| The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks. | ||||
| CVE-2025-5730 | 1 Ghozylab | 1 Contact Form | 2025-07-01 | 4.3 Medium |
| The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-6699 | 1 Wegia | 1 Wegia | 2025-07-01 | 3.5 Low |
| A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro de Funcionário. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2025-23030. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-54959 | 1 Nagios | 1 Nagios Xi | 2025-07-01 | 6.1 Medium |
| Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS). | ||||
| CVE-2024-54958 | 1 Nagios | 1 Nagios Xi | 2025-07-01 | 6.1 Medium |
| Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page. | ||||
| CVE-2022-36350 | 1 Pukiwiki | 1 Pukiwiki | 2025-07-01 | 6.1 Medium |
| Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2024-31634 | 1 Xunruicms | 1 Xunruicms | 2025-06-30 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library. | ||||
| CVE-2024-4456 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-06-30 | 4.1 Medium |
| In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. | ||||
| CVE-2024-2697 | 1 Swiftideas | 1 Swift Framework | 2025-06-30 | 6.5 Medium |
| The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
| CVE-2024-3634 | 2 Benaceur-php, Month Name Translation Benaceur Wordpress Plugin | 2 Month Name Translation Benaceur, Month Name Translation Benaceur Wordpress Plugin | 2025-06-30 | 4.8 Medium |
| The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2019-3578 | 1 Mybb | 1 Mybb | 2025-06-30 | 6.1 Medium |
| MyBB 1.8.19 has XSS in the resetpassword function. | ||||
| CVE-2025-45879 | 1 Miliaris | 1 Amygdala | 2025-06-30 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. | ||||
| CVE-2024-47226 | 2 Lenel, Netbox | 2 Netbox, Netbox | 2025-06-30 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties have disputed this as not a vulnerability. It is argued that the configuration revision banner feature is meant to contain unsanitized HTML in order to display notifications to users. Since these fields are intended to display unsanitized HTML, this is working as intended. | ||||
| CVE-2024-56915 | 1 Netbox | 1 Netbox | 2025-06-30 | 6.5 Medium |
| Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget. | ||||
| CVE-2024-29217 | 1 Apache | 1 Answer | 2025-06-30 | 4.6 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. | ||||
| CVE-2024-48648 | 1 Sage | 1 Sage Frp 1000 | 2025-06-27 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding. | ||||
| CVE-2024-57326 | 1 Online Pizza Delivery System Project | 1 Online Pizza Delivery System | 2025-06-27 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter. | ||||
| CVE-2024-57041 | 1 Nodebb | 1 Nodebb | 2025-06-27 | 4.6 Medium |
| A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile. | ||||
| CVE-2023-24651 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | 5.4 Medium |
| Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. | ||||
| CVE-2025-6475 | 1 Razormist | 1 Student Result Management System | 2025-06-27 | 2.4 Low |
| A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/manage_students of the component Manage Students Module. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||