Total: 39597 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-55074 | 1 Grocy Project | 1 Grocy | 2025-09-05 | N/A | 8.8 HIGH |
| The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. | |||||
| CVE-2024-52520 | 1 Nextcloud | 1 Nextcloud Server | 2025-09-05 | N/A | 5.7 MEDIUM |
| Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7. | |||||
| CVE-2024-37161 | 1 Metersphere | 1 Metersphere | 2025-09-04 | N/A | 4.0 MEDIUM |
| MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor is affected by stored cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue. | |||||
| CVE-2024-37304 | 1 Microsoft | 1 Nugetgallery | 2025-09-04 | N/A | 6.1 MEDIUM |
| NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. When a user inputs a Markdown autolink such as `<javascript:alert(1)>`, the link is rendered without proper sanitization. This means that the JavaScript code within the autolink can be executed by the browser, leading to an XSS attack. Version 2024.05.28 contains a patch for this issue. | |||||
| CVE-2025-9754 | 1 Campcodes | 1 Online Hospital Management System | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
| A flaw has been found in Campcodes Online Hospital Management System 1.0. The impacted element is an unknown function of the file /edit-profile.php of the component Edit Profile Page. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9753 | 1 Campcodes | 1 Online Hospital Management System | 2025-09-04 | 3.3 LOW | 2.4 LOW |
| A vulnerability was detected in Campcodes Online Hospital Management System 1.0. The affected element is an unknown function of the file /admin/patient-search.php of the component Patient Search Module. Performing manipulation of the argument Search by Name Mobile No results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9746 | 1 Campcodes | 1 Hospital Management System | 2025-09-04 | 3.3 LOW | 2.4 LOW |
| A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown function of the file /admin/edit-doctor-specialization.php of the component Edit Doctor Specialization Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-41036 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Admin][description]', 'data[Admin][f_name]' and 'data[Admin][l_name]' parameters in /apprain/admin/account/edit. | |||||
| CVE-2025-41037 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]' parameter in /apprain/admin/filemanager. | |||||
| CVE-2025-41038 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]' parameter in /apprain/admin/managegroup/add/. | |||||
| CVE-2025-41039 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]', 'data[sconfig][currency]', 'data[sconfig][db_version]', 'data[sconfig][default_pagination]', 'data[sconfig][emailsetup_from_email]', 'data[sconfig][emailsetup_host]', 'data[sconfig][emailsetup_password]', 'data[sconfig][emailsetup_port]', 'data[sconfig][emailsetup_username]', 'data[sconfig][fileresource_id]', 'data[sconfig][large_image_height]', 'data[sconfig][large_image_width]' and 'data[sconfig][time_zone_padding]' parameters in /apprain/admin/config/opts. | |||||
| CVE-2025-41040 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters in /apprain/developer/language/lipsum.xml. | |||||
| CVE-2025-41041 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters in /apprain/developer/language/default.xml. | |||||
| CVE-2025-41042 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]', 'data[Option][subject]' and 'data[Option][templatetype]' parameters in /apprain/information/manage/emailtemplate/add. | |||||
| CVE-2025-41043 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/appreport/manage/. | |||||
| CVE-2025-41044 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]' parameter in /apprain/page/manage-static-pages/create. | |||||
| CVE-2025-41045 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]' parameter in /apprain/admin/config/ethical. | |||||
| CVE-2025-41046 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/960grid. | |||||
| CVE-2025-41047 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/ace. | |||||
| CVE-2025-41048 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/admin. | |||||
