Total: 44986 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6452 | 1 Codeastro | 1 Patient Record Management System | 2025-06-27 | 2.4 Low |
| A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-50695 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2025-06-27 | 6.1 Medium |
| PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php. | ||||
| CVE-2018-20977 | 1 Brainstormforce | 1 Schema | 2025-06-27 | 6.1 Medium |
| The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. | ||||
| CVE-2024-53999 | 2 Mobsf, Opensecurity | 2 Mobile Security Framework, Mobile Security Framework | 2025-06-27 | 8.1 High |
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9. | ||||
| CVE-2025-27584 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update. | ||||
| CVE-2025-27585 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update. | ||||
| CVE-2024-53382 | 1 Prismjs | 1 Prism | 2025-06-27 | 4.9 Medium |
| Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. | ||||
| CVE-2024-53386 | 1 Piqnt | 1 Stage.js | 2025-06-27 | 4.9 Medium |
| Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. | ||||
| CVE-2025-3531 | 1 Youdiancms | 1 Youdiancms | 2025-06-27 | 4.3 Medium |
| A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3532 | 1 Youdiancms | 1 Youdiancms | 2025-06-27 | 4.3 Medium |
| A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3533 | 1 Youdiancms | 1 Youdiancms | 2025-06-27 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-52875 | 1 Jetbrains | 1 Teamcity | 2025-06-27 | 5.4 Medium |
| In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible | ||||
| CVE-2025-52877 | 1 Jetbrains | 1 Teamcity | 2025-06-27 | 4.8 Medium |
| In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible | ||||
| CVE-2025-52879 | 1 Jetbrains | 1 Teamcity | 2025-06-27 | 4.8 Medium |
| In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible | ||||
| CVE-2025-6285 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-06-27 | 4.3 Medium |
| A vulnerability was found in PHPGurukul COVID19 Testing Management System 2021. It has been rated as problematic. This issue affects some unknown processing of the file /search-report-result.php. The manipulation of the argument q leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6287 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-06-27 | 3.5 Low |
| A vulnerability classified as problematic was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /test-details.php of the component Take Action. The manipulation of the argument remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6288 | 2 Anujk305, Phpgurukul | 2 Bus Pass Management System, Bus Pass Management System | 2025-06-27 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross site scripting. The attack may be launched remotely. | ||||
| CVE-2025-3568 | 1 Webkul | 1 Krayin Crm | 2025-06-26 | 3.5 Low |
| A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor prepares a fix for the next major release and explains that he does not think therefore that this should qualify for a CVE. | ||||
| CVE-2025-3570 | 1 Jameszbl | 1 Db-hospital-drug | 2025-06-26 | 3.5 Low |
| A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. It has been classified as problematic. This affects the function Save of the file ContentController.java. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6340 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | 3.5 Low |
| A vulnerability classified as problematic has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument Branch/Address/Detail leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||