Medium
CVE-2025-11804
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is du…
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 41/398 • 47651 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47651 CVEs for this tag (all time). In the last 365 days, 7587 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-10-22
Medium
CVE-2025-10138
The This-or-That plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thisorthat' shortcode in all versions up to, and including, 1.0.4 due to insufficient input saniti…
Medium
CVE-2025-12033
The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pro_ve…
Medium
CVE-2025-10651
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitizati…
2025-10-21
Medium
CVE-2025-62249
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q…
Medium
CVE-2025-61457
code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php.
Medium
CVE-2025-61255
Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection…
High
CVE-2025-60507
Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direc…
Medium
CVE-2025-62598
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the edit…
Medium
CVE-2025-62597
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the edit…
Medium
CVE-2025-60506
Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting (XSS) via the Public Comments feature. An attacker with a low-privileged account (e.g., Student) can inject arbitrary Jav…
Medium
CVE-2025-60280
Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient…
Medium
CVE-2025-60934
Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML vi…
Medium
CVE-2025-60933
Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML…
Medium
CVE-2025-60932
Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML…
Medium
CVE-2025-10612
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS.This issue affects City Gu…
Medium
CVE-2025-62702
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS.This issue aff…
Medium
CVE-2025-62701
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS.This issue affects Medi…
Medium
CVE-2025-62694
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affec…
Medium
CVE-2025-62695
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue aff…
2025-10-20
Medium
CVE-2025-12001
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Medium
CVE-2025-62657
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS.This issue affect…
Medium
CVE-2025-62656
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS.This issue a…
Medium
CVE-2025-60781
PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter.
Medium
CVE-2025-62700
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - MultiBoilerplate Extensionmaste allows Stored XSS.Thi…
Medium
CVE-2025-62698
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ExternalGuidance allows Stored XSS.This issue affects…
Medium
CVE-2025-62693
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - LastModified Extension allows Stored XSS.This issue a…
Medium
CVE-2025-61456
A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into th…
High
CVE-2025-61417
Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an admi…
Medium
CVE-2025-61454
A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into…
Medium
CVE-2025-8349
Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScrip…
2025-10-19
Low
CVE-2025-11946
A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing man…
Low
CVE-2025-11945
A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site script…
2025-10-18
Medium
CVE-2025-11926
The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input sanitization and outpu…
Medium
CVE-2025-9562
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qs_date shortcode in all versions up to, and including, 3.2.6 due to insufficient…
Medium
CVE-2025-11270
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and…
Medium
CVE-2025-10006
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rev_slider_vc' shortcode in all versions up to, and including, 8.6 due to insufficient in…
Medium
CVE-2025-11937
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - SecurePoll Extension allows Stored XSS.This issue aff…
Medium
CVE-2025-11857
The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mxp_fb2wp_display_embed' shortcode in all versions up to, and including, 1.9.9. This is due to t…
Medium
CVE-2025-62671
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects…
Medium
CVE-2025-62670
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - FlexDiagrams Extension allows Stored XSS.This issue a…
Medium
CVE-2025-62667
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This is…
Medium
CVE-2025-62664
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ImageRating Extension allows Stored XSS.This issue af…
Medium
CVE-2025-62663
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - UploadWizard Extension allows Stored XSS.This issue a…
Medium
CVE-2025-62662
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - AdvancedSearch Extension allows Stored XSS.This issue…
Medium
CVE-2025-62665
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Skin:BlueSky allows Stored XSS.This issue affects Mediawi…
Medium
CVE-2020-36854
The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the aj_steps AJAX…
High
CVE-2020-36853
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and ou…
2025-10-17
Low
CVE-2025-62654
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects…
Low
CVE-2025-62653
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects M…
Medium
CVE-2025-62652
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects…
Medium
CVE-2025-62508
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handli…
Medium
CVE-2025-56320
Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplie…
Medium
CVE-2025-34281
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit…
Medium
CVE-2025-62430
ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tag…
Medium
CVE-2025-62421
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentica…
Medium
CVE-2025-58747
Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote…
Medium
CVE-2025-48087
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberl…
2025-10-16
Medium
CVE-2025-62414
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature (in the admin panel) is vulnerable to Cross-Site Scripting (XSS). An attacker with access to…
Medium
CVE-2025-34253
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creat…
Medium
CVE-2025-62413
MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malic…
Medium
CVE-2025-62411
LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality.…
Medium
CVE-2025-34512
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in…
Low
CVE-2025-11851
A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripti…
Medium
CVE-2025-61539
Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php.
Medium
CVE-2025-55072
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.
Medium
CVE-2025-54859
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser.
Medium
CVE-2025-54760
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser.
Medium
CVE-2025-52583
Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser.
Medium
CVE-2025-24833
Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.
Medium
CVE-2025-58115
ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product.
Medium
CVE-2025-53858
ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product.
Medium
CVE-2025-41021
Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin…
Medium
CVE-2025-11814
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input sanitization and output escaping.…
2025-10-15
Medium
CVE-2025-20351
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attack…
Medium
CVE-2025-61933
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Softw…
Medium
CVE-2025-59269
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in…
Medium
CVE-2025-10869
Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creatio…
High
CVE-2025-10313
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the fa…
Medium
CVE-2025-10194
The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input saniti…
Medium
CVE-2025-10141
The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and o…
Medium
CVE-2025-10140
The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input…
Medium
CVE-2025-10139
The WP BookWidgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bw_link' shortcode in all versions up to, and including, 0.9 due to insufficient input sanitizat…
Medium
CVE-2025-10135
The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization…
Medium
CVE-2025-10133
The URLYar URL Shortner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'urlyar_shortlink' shortcode in all versions up to, and including, 1.1.0 due to insufficient…
Medium
CVE-2025-10132
The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dhivehi' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitizatio…
Medium
CVE-2025-11161
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vc_custom_heading shortcode in all versions up to, and including, 8.6.1. This is due to insufficien…
Medium
CVE-2025-11160
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input san…
Medium
CVE-2025-8561
The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and out…
2025-10-14
Medium
CVE-2025-61797
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into…
Medium
CVE-2025-61796
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into…
Medium
CVE-2025-54272
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into…
Critical
CVE-2025-49553
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser.…
High
CVE-2025-49552
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a vi…
Medium
CVE-2025-54266
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-…
High
CVE-2025-54264
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that…
Medium
CVE-2025-60374
Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting…
Medium
CVE-2025-59429
FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is…
High
CVE-2025-8459
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored…
Medium
CVE-2025-8430
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS…
Medium
CVE-2025-8429
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS b…
High
CVE-2025-62172
Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scrip…
Medium
CVE-2025-58324
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all…
Medium
CVE-2025-54893
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by…
Medium
CVE-2025-31366
An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, For…
Medium
CVE-2025-8428
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS.This issue affect…
Medium
CVE-2025-54892
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by…
Medium
CVE-2025-54891
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS…
Medium
CVE-2025-54889
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XS…
Medium
CVE-2024-44088
Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted…
Medium
CVE-2025-7329
A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulner…
Medium
CVE-2025-11712
A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contribut…
High
CVE-2025-40772
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malici…
Medium
CVE-2025-10357
The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-…
2025-10-13
Medium
CVE-2025-62365
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_this` function in `librenms/includes/functions.php`. The `report_this`…
Medium
CVE-2025-62359
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /pet/profile…
Medium
CVE-2025-62358
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected Cross-Site Scrip…
Low
CVE-2025-62178
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /html/atendi…
Medium
CVE-2025-62246
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 20…
Medium
CVE-2025-11184
Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <=v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page