Total
39596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11069 | 1 Westboy | 1 Cicadascms | 2025-10-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability was determined in westboy CicadasCMS 1.0. Affected by this issue is some unknown functionality of the file /system/org/save of the component Add Department Handler. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-11068 | 1 Westboy | 1 Cicadascms | 2025-10-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in westboy CicadasCMS 1.0. Affected by this vulnerability is an unknown functionality of the file /system/cms/category/save. The manipulation of the argument categoryName results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-11067 | 1 Projectworlds | 1 Visitor Management System | 2025-10-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-11119 | 1 Angeljudesuarez | 1 Hostel Management System | 2025-10-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2024-45385 | 1 Siemens | 1 Industrial Edge Management | 2025-10-03 | N/A | 4.7 MEDIUM |
| A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. | |||||
| CVE-2025-5513 | 1 Quequnlong | 1 Shiyi-blog | 2025-10-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-52552 | 1 Jenkins | 1 Authorize Project | 2025-10-03 | N/A | 8.0 HIGH |
| Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2024-54003 | 1 Jenkins | 1 Simple Queue | 2025-10-03 | N/A | 8.0 HIGH |
| Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. | |||||
| CVE-2025-46786 | 2025-10-02 | N/A | 4.3 MEDIUM | ||
| Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access. | |||||
| CVE-2025-30664 | 2025-10-02 | N/A | 6.6 MEDIUM | ||
| Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2025-10234 | 1 Scada-lts | 1 Scada-lts | 2025-10-02 | 3.3 LOW | 2.4 LOW |
| A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10235 | 1 Scada-lts | 1 Scada-lts | 2025-10-02 | 3.3 LOW | 2.4 LOW |
| A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10366 | 1 Sourcefabric | 1 Rpi-jukebox-rfid | 2025-10-02 | 4.0 MEDIUM | 3.5 LOW |
| A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-59755 | 1 Andsoft | 1 E-tms | 2025-10-02 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_CAT.ASP'. | |||||
| CVE-2025-59754 | 1 Andsoft | 1 E-tms | 2025-10-02 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_original.ASP'. | |||||
| CVE-2025-59753 | 1 Andsoft | 1 E-tms | 2025-10-02 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_BET.ASP'. | |||||
| CVE-2025-59752 | 1 Andsoft | 1 E-tms | 2025-10-02 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_LXA.ASP'. | |||||
| CVE-2025-59751 | 1 Andsoft | 1 E-tms | 2025-10-02 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_DJO.ASP'. | |||||
| CVE-2025-59750 | 1 Andsoft | 1 E-tms | 2025-10-02 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM.ASP'. | |||||
| CVE-2025-59764 | 1 Andsoft | 1 E-tms | 2025-10-02 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in '/clt/LOGINFRM_FCC.ASP'. | |||||