Total
39553 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11283 | 1 Frappe | 1 Learning | 2025-10-07 | 3.3 LOW | 2.4 LOW |
| A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them. | |||||
| CVE-2024-37629 | 1 Summernote | 1 Summernote | 2025-10-07 | N/A | 6.1 MEDIUM |
| SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. | |||||
| CVE-2025-57692 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-10-07 | N/A | 6.8 MEDIUM |
| PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser. | |||||
| CVE-2025-57292 | 1 Doist | 1 Todoist | 2025-10-07 | N/A | 6.1 MEDIUM |
| Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata. | |||||
| CVE-2023-23313 | 1 Draytek | 182 Vigor1000b, Vigor1000b Firmware, Vigor130 and 179 more | 2025-10-07 | N/A | 6.1 MEDIUM |
| Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. | |||||
| CVE-2025-11027 | 1 Vvveb | 1 Vvveb | 2025-10-07 | 3.3 LOW | 2.4 LOW |
| A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release." | |||||
| CVE-2025-61087 | 1 Mayurik | 1 Pet Grooming Management Software | 2025-10-07 | N/A | 6.1 MEDIUM |
| SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section. | |||||
| CVE-2025-60782 | 1 Iqbolshoh | 1 Php Education Management | 2025-10-07 | N/A | 5.4 MEDIUM |
| PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Titlefield during topic creation or updates. | |||||
| CVE-2025-56154 | 1 Htmly | 1 Htmly | 2025-10-07 | N/A | 6.1 MEDIUM |
| htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads. | |||||
| CVE-2025-11306 | 1 Qianfox | 1 Foxcms | 2025-10-07 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component Search Page. The manipulation of the argument keyword results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-29192 | 1 Flowiseai | 1 Flowise | 2025-10-07 | N/A | 8.2 HIGH |
| Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log. | |||||
| CVE-2025-50538 | 1 Flowiseai | 1 Flowise | 2025-10-07 | N/A | 8.2 HIGH |
| Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log. | |||||
| CVE-2025-60450 | 1 Metinfo | 1 Metinfo | 2025-10-07 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed. | |||||
| CVE-2025-60451 | 1 Metinfo | 1 Metinfo | 2025-10-07 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, specifically in the website settings module. This security flaw allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed. | |||||
| CVE-2025-60452 | 1 Metinfo | 1 Metinfo | 2025-10-07 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users. | |||||
| CVE-2025-60453 | 1 Metinfo | 1 Metinfo | 2025-10-07 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users. | |||||
| CVE-2025-60454 | 1 Metinfo | 1 Metinfo | 2025-10-07 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed or accessed by users. | |||||
| CVE-2025-11291 | 2025-10-07 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A security flaw has been discovered in ixmaps website2017 up to 0c71cffa0162186bc057a76766bc97e9f5a3a2d0. This impacts an unknown function of the file /map.php of the component HTTP GET Request Handler. Performing manipulation of the argument trid results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-28016 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-10-07 | N/A | 4.8 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters. | |||||
| CVE-2025-56018 | 1 Seniorwalter | 1 Web-based Pharmacy Product Management System | 2025-10-07 | N/A | 6.1 MEDIUM |
| SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field. | |||||