Total
37871 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53494 | 2025-07-03 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - TwoColConflict Extension allows Stored XSS.This issue affects Mediawiki - TwoColConflict Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | |||||
| CVE-2025-52559 | 2025-07-03 | N/A | 6.8 MEDIUM | ||
| Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topic names and channel names. This issue has been fixed in Zulip Server 10.4. A workaround for this issue involves denying access to /digest/. | |||||
| CVE-2025-52462 | 2025-07-03 | N/A | 6.1 MEDIUM | ||
| Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL. | |||||
| CVE-2025-49032 | 2025-07-03 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks allows Stored XSS.This issue affects Gutenberg Blocks: from n/a through 3.3.1. | |||||
| CVE-2025-40722 | 2025-07-03 | N/A | N/A | ||
| Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the replace parameter in /config.php/tags. | |||||
| CVE-2024-5647 | 2025-07-03 | N/A | 6.4 MEDIUM | ||
| Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was fixed in the upstream library (Magnific Popups version 1.2.0) by disabling the loading of HTML within certain fields by default. | |||||
| CVE-2025-2540 | 2025-07-03 | N/A | 6.4 MEDIUM | ||
| Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-2537 | 2025-07-03 | N/A | 6.4 MEDIUM | ||
| Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library (version 3.1) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-33210 | 1 Flatpress | 1 Flatpress | 2025-07-03 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. | |||||
| CVE-2024-45960 | 1 Tribalsystems | 1 Zenario | 2025-07-03 | N/A | 4.8 MEDIUM |
| Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack. | |||||
| CVE-2024-45964 | 1 Tribalsystems | 1 Zenario | 2025-07-03 | N/A | 4.8 MEDIUM |
| Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field. | |||||
| CVE-2024-45965 | 1 Contao | 1 Contao | 2025-07-03 | N/A | 6.4 MEDIUM |
| Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6. | |||||
| CVE-2024-46409 | 1 Seeddms | 1 Seeddms | 2025-07-03 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page. | |||||
| CVE-2024-42901 | 1 Limesurvey | 1 Limesurvey | 2025-07-03 | N/A | 4.8 MEDIUM |
| A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. | |||||
| CVE-2024-44085 | 1 Onlyoffice | 1 Onlyoffice | 2025-07-03 | N/A | 6.1 MEDIUM |
| ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883. | |||||
| CVE-2022-40490 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2025-07-03 | N/A | 4.8 MEDIUM |
| Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file. | |||||
| CVE-2024-57599 | 1 Douco | 1 Douphp | 2025-07-03 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php | |||||
| CVE-2024-54795 | 1 Eng | 1 Spagobi | 2025-07-03 | N/A | 5.4 MEDIUM |
| SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function. | |||||
| CVE-2024-33297 | 1 Microweber | 1 Microweber | 2025-07-03 | N/A | 4.7 MEDIUM |
| Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function | |||||
| CVE-2024-33298 | 1 Microweber | 1 Microweber | 2025-07-03 | N/A | 6.1 MEDIUM |
| Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup | |||||