Total
39745 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-56304 | 1 Yzmcms | 1 Yzmcms | 2025-10-08 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in YzmCMS thru 7.3 via the referer header in the register page. | ||||
| CVE-2025-3019 | 1 Knime | 1 Business Hub | 2025-10-08 | 7.2 High |
| KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.3 or later * 1.12.4 or later | ||||
| CVE-2025-59415 | 1 Frappe | 3 Frappe, Frappe Lms, Learning | 2025-10-08 | 4.6 Medium |
| Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. | ||||
| CVE-2025-57452 | 2 Oppo, Realme | 2 Coloros, Clone Phone | 2025-10-08 | 6.1 Medium |
| In realme BackupRestore app v15.1.12_2810c08_250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB intents. | ||||
| CVE-2024-36453 | 1 Webmin | 2 Usermin, Webmin | 2025-10-08 | 6.1 Medium |
| Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed. | ||||
| CVE-2025-52653 | 1 Hcltech | 1 Dryice Myxalytics | 2025-10-08 | 7.6 High |
| HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access. | ||||
| CVE-2025-8276 | 1 Patika Global Technologies | 1 Humansuite | 2025-10-08 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows Cross-Site Scripting (XSS), Phishing.This issue affects HumanSuite: before 53.21.0. | ||||
| CVE-2025-61599 | 1 Emlog | 1 Emlog | 2025-10-08 | 5.4 Medium |
| Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on the server and gets executed in the browser of any user, including administrators, when they click on the malicious post to view it. This issue does not currently have a fix. | ||||
| CVE-2025-60448 | 2 Emlog, Emlog Pro Project | 2 Emlog, Emlog Pro | 2025-10-08 | 6.1 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed. | ||||
| CVE-2025-11276 | 1 Getrebuild | 1 Rebuild | 2025-10-08 | 3.5 Low |
| A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.1.4 can resolve this issue. It is suggested to upgrade the affected component. According to the researcher the vendor has confirmed the flaw and fix in a private issue response. | ||||
| CVE-2025-61198 | 1 Orban | 2 Optimod 5750, Optimod 5950 | 2025-10-08 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Optimod 5950 - Optimod 5950HD - Optimod 5750 - Optimod 5750HD - Optimod Trio - Optimod version 1.0.0.33 - System version 2.5.26, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. | ||||
| CVE-2025-11333 | 1 Langleyfcu | 1 Online Banking System | 2025-10-08 | 2.4 Low |
| A vulnerability was identified in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. This impacts an unknown function of the file /customer_add_action.php of the component Add Customer Page. The manipulation of the argument First Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. | ||||
| CVE-2024-5420 | 1 Seh | 3 Inu-100, Utnserver Pro, Utnserver Promax | 2025-10-08 | N/A |
| Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below. | ||||
| CVE-2025-50938 | 1 Hustoj | 1 Hustoj | 2025-10-07 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php. | ||||
| CVE-2025-26791 | 2 Cure53, Redhat | 6 Dompurify, Ansible Automation Platform, Network Observ Optr and 3 more | 2025-10-07 | 4.5 Medium |
| DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). | ||||
| CVE-2025-0706 | 1 Joeybling | 1 Bootplus | 2025-10-07 | 2.4 Low |
| A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2025-11282 | 1 Frappe | 2 Frappe Lms, Learning | 2025-10-07 | 2.4 Low |
| A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The affected component should be upgraded. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them. | ||||
| CVE-2025-11283 | 1 Frappe | 2 Frappe Lms, Learning | 2025-10-07 | 2.4 Low |
| A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them. | ||||
| CVE-2024-37629 | 1 Summernote | 1 Summernote | 2025-10-07 | 6.1 Medium |
| SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. | ||||
| CVE-2025-57692 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-10-07 | 6.8 Medium |
| PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser. | ||||