Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64220 | 2025-10-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8. | |||||
| CVE-2025-64291 | 2025-10-30 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through <= 1.0.13. | |||||
| CVE-2025-12450 | 2025-10-30 | N/A | 6.1 MEDIUM | ||
| The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2025-64202 | 2025-10-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6. | |||||
| CVE-2025-25009 | 1 Elastic | 1 Kibana | 2025-10-30 | N/A | 8.7 HIGH |
| Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload. | |||||
| CVE-2025-25017 | 1 Elastic | 1 Kibana | 2025-10-30 | N/A | 8.2 HIGH |
| Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS) | |||||
| CVE-2025-25018 | 1 Elastic | 1 Kibana | 2025-10-30 | N/A | 8.7 HIGH |
| Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS) | |||||
| CVE-2025-52620 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | N/A | 4.3 MEDIUM |
| HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format. | |||||
| CVE-2025-58747 | 1 Langgenius | 1 Dify | 2025-10-29 | N/A | 6.1 MEDIUM |
| Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url provided by a remote MCP server is directly passed to window.open without validation or sanitization. An attacker can craft a malicious MCP server that returns a JavaScript URI (such as javascript:alert(1)) in the authorization_url field, which is then executed when the victim attempts to connect to the MCP server. This allows the attacker to execute arbitrary JavaScript in the context of the Dify application. | |||||
| CVE-2025-8681 | 1 Pega | 1 Pega Platform | 2025-10-29 | N/A | 5.5 MEDIUM |
| Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Â Requires a high privileged user with a developer role. | |||||
| CVE-2023-7143 | 1 Fabian | 1 Client Details System | 2025-10-29 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-41299 | 1 Ibm | 1 Transformation Advisor | 2025-10-29 | N/A | 4.4 MEDIUM |
| IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. | |||||
| CVE-2025-60302 | 1 Fabian | 1 Client Details System | 2025-10-29 | N/A | 6.1 MEDIUM |
| code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field. | |||||
| CVE-2024-30147 | 1 Hcltech | 1 Leap | 2025-10-29 | N/A | 6.5 MEDIUM |
| Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. | |||||
| CVE-2024-30114 | 1 Hcltech | 1 Leap | 2025-10-29 | N/A | 3.7 LOW |
| Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. | |||||
| CVE-2024-30113 | 1 Hcltech | 1 Leap | 2025-10-29 | N/A | 6.3 MEDIUM |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | |||||
| CVE-2023-37534 | 1 Hcltech | 1 Leap | 2025-10-29 | N/A | 7.1 HIGH |
| Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | |||||
| CVE-2022-44759 | 1 Hcltech | 1 Leap | 2025-10-29 | N/A | 4.6 MEDIUM |
| Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. | |||||
| CVE-2024-12211 | 1 Pega | 1 Pega Platform | 2025-10-29 | N/A | 5.4 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. | |||||
| CVE-2024-39594 | 1 Sap | 2 Business Warehouse, Business Warehouse Virtual Comp | 2025-10-29 | N/A | 6.1 MEDIUM |
| SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application. | |||||