Total
39601 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30113 | 1 Hcltech | 1 Leap | 2025-10-29 | 6.3 Medium |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | ||||
| CVE-2023-37534 | 1 Hcltech | 1 Leap | 2025-10-29 | 7.1 High |
| Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | ||||
| CVE-2022-44759 | 1 Hcltech | 1 Leap | 2025-10-29 | 4.6 Medium |
| Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. | ||||
| CVE-2024-12211 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Platform | 2025-10-29 | 5.4 Medium |
| Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. | ||||
| CVE-2024-39594 | 1 Sap | 2 Business Warehouse, Business Warehouse Virtual Comp | 2025-10-29 | 6.1 Medium |
| SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application. | ||||
| CVE-2021-31693 | 1 10web | 1 Photo Gallery | 2025-10-29 | 6.1 Medium |
| The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693. | ||||
| CVE-2024-3575 | 1 Mindsdb | 1 Mindsdb | 2025-10-29 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb | ||||
| CVE-2024-5410 | 1 Oringnet | 2 Iap-420, Iap-420 Firmware | 2025-10-29 | 5.4 Medium |
| Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. | ||||
| CVE-2024-30112 | 1 Hcltech | 1 Connections | 2025-10-28 | 5.4 Medium |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks. | ||||
| CVE-2024-0640 | 1 Chatwoot | 1 Chatwoot | 2025-10-28 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard app. The issue is fixed in version 3.5.2. | ||||
| CVE-2024-10088 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | 6.1 Medium |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | ||||
| CVE-2024-10089 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | 5.4 Medium |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing user's data with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | ||||
| CVE-2024-10090 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | 6.1 Medium |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | ||||
| CVE-2024-13598 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | 6.1 Medium |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run the code in their's context. This vulnerability has been patched in version 79.0 | ||||
| CVE-2024-49707 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | 6.1 Medium |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | ||||
| CVE-2024-49708 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | 5.4 Medium |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for setting delivery address with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0 | ||||
| CVE-2025-27441 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-10-28 | 4.6 Medium |
| Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. | ||||
| CVE-2025-27442 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-10-28 | 4.6 Medium |
| Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. | ||||
| CVE-2024-10087 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | 5.4 Medium |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. This vulnerability has been patched in version 79.0 | ||||
| CVE-2025-59838 | 1 Monkeytype | 1 Monkeytype | 2025-10-28 | 5.4 Medium |
| Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0. | ||||