Total: 39561 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48536 | 1 Esoftplanner | 1 Esoft Planner | 2025-10-01 | N/A | 7.5 HIGH |
| Incorrect access control in eSoft Planner 3.24.08271-USA allows attackers to view all transactions performed by the company via supplying a crafted web request. | |||||
| CVE-2024-56882 | 1 Sagedpw | 1 Sage Dpw | 2025-10-01 | N/A | 5.4 MEDIUM |
| Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements. | |||||
| CVE-2024-51875 | 1 Mdc Youtube Downloader Project | 1 Mdc Youtube Downloader | 2025-10-01 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmul Ahsan MDC YouTube Downloader allows DOM-Based XSS. This issue affects MDC YouTube Downloader: from n/a through 3.0.0. | |||||
| CVE-2024-48531 | 1 Esoftplanner | 1 Esoft Planner | 2025-10-01 | N/A | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-48534 | 1 Esoftplanner | 1 Esoft Planner | 2025-10-01 | N/A | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2024-48535 | 1 Esoftplanner | 1 Esoft Planner | 2025-10-01 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. | |||||
| CVE-2025-5713 | 1 Isolucoesweb | 1 Solucoescoop | 2025-10-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descrição da solicitação leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2024-41502 | 1 Jetimob | 1 Imobiliaria | 2025-10-01 | N/A | 6.1 MEDIUM |
| Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observações" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person. | |||||
| CVE-2024-41503 | 1 Jetimob | 1 Imobiliaria | 2025-10-01 | N/A | 6.1 MEDIUM |
| Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function. | |||||
| CVE-2024-41504 | 1 Jetimob | 1 Imobiliaria | 2025-10-01 | N/A | 6.1 MEDIUM |
| Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrição" allows injection of JavaScript. | |||||
| CVE-2024-41505 | 1 Jetimob | 1 Imobiliaria | 2025-10-01 | N/A | 6.1 MEDIUM |
| Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profissão" (professor). | |||||
| CVE-2025-7053 | 1 Agentejo | 1 Cockpit | 2025-10-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.11.4 is able to address this issue. The patch is named bdcd5e3bc651c0839c7eea807f3eb6af856dbc76. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professionally. A patch and new release were made available very quickly. | |||||
| CVE-2025-53599 | 1 Navercorp | 1 Whale | 2025-10-01 | N/A | 9.8 CRITICAL |
| Whale browser for iOS before 3.9.1.4206 allows an attacker to execute malicious scripts in the browser via a crafted javascript scheme. | |||||
| CVE-2025-53489 | 2 Jackphoenix, Mediawiki | 2 Googledocs4mw, Mediawiki | 2025-10-01 | N/A | 5.6 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - GoogleDocs4MW Extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | |||||
| CVE-2025-53490 | 2 Jly, Mediawiki | 2 Campaignevents, Mediawiki | 2025-10-01 | N/A | 5.6 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - CampaignEvents Extension: from 1.43.X before 1.43.2. | |||||
| CVE-2025-58674 | | | 2025-10-01 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is a low severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30. | |||||
| CVE-2024-12756 | 1 Avaya | 1 Spaces | 2025-10-01 | N/A | 7.3 HIGH |
| An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user. | |||||
| CVE-2024-48392 | 1 Orangescrum | 1 Orangescrum | 2025-09-30 | N/A | 5.4 MEDIUM |
| OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover. | |||||
| CVE-2025-53494 | 2 Mediawiki, Wmde-fisch | 2 Mediawiki, Twocolconflict | 2025-09-30 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - TwoColConflict Extension allows Stored XSS. This issue affects Mediawiki - TwoColConflict Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | |||||
| CVE-2025-36056 | 1 Ibm | 6 3948-ved, 3948-ved Firmware, 3948-vef and 3 more | 2025-09-30 | N/A | 5.4 MEDIUM |
| IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
