Total
39311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62414 | 1 Webkul | 1 Bagisto | 2025-10-22 | N/A | 6.9 MEDIUM |
| Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature (in the admin panel) is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields. These payloads may later execute in the context of an admin’s browser or another user viewing the customer data, enabling session theft or admin-level actions. This vulnerability is fixed in 2.3.8. | |||||
| CVE-2025-62418 | 1 Webkul | 1 Bagisto | 2025-10-22 | N/A | 6.9 MEDIUM |
| Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8. | |||||
| CVE-2025-60781 | 1 Iqbolshoh | 1 Php Education Management | 2025-10-22 | N/A | 6.1 MEDIUM |
| PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter. | |||||
| CVE-2025-35060 | 1 Newforma | 1 Project Center | 2025-10-22 | N/A | 5.5 MEDIUM |
| Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent. | |||||
| CVE-2024-6380 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2024-12089 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2024-12090 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2024-12091 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2024-12092 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0596 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0598 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0599 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0600 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0601 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0826 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0828 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0829 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0832 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0830 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
| CVE-2025-0833 | 1 3ds | 1 3dexperience Enovia | 2025-10-22 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||