Total
38280 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22241 | 1 Vmware | 1 Aria Operations For Networks | 2025-06-03 | N/A | 4.3 MEDIUM |
| Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. | |||||
| CVE-2024-22238 | 1 Vmware | 1 Aria Operations For Networks | 2025-06-03 | N/A | 6.4 MEDIUM |
| Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | |||||
| CVE-2024-1143 | 1 Linecorp | 1 Central Dogma | 2025-06-03 | N/A | 9.3 CRITICAL |
| Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. | |||||
| CVE-2023-50933 | 1 Ibm | 1 Powersc | 2025-06-03 | N/A | 6.1 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | |||||
| CVE-2023-37531 | 1 Hcltech | 1 Bigfix Platform | 2025-06-03 | N/A | 3.3 LOW |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access. | |||||
| CVE-2023-37530 | 1 Hcltech | 1 Bigfix Platform | 2025-06-03 | N/A | 3.0 LOW |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. | |||||
| CVE-2023-37529 | 1 Hcltech | 1 Bigfix Platform | 2025-06-03 | N/A | 3.0 LOW |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530. | |||||
| CVE-2023-37528 | 1 Hcltech | 1 Bigfix Platform | 2025-06-03 | N/A | 6.5 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. | |||||
| CVE-2023-37527 | 1 Hcltech | 1 Bigfix Platform | 2025-06-03 | N/A | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. | |||||
| CVE-2023-37523 | 1 Hcltechsw | 1 Bigfix Bare Osd Metal Server Webui | 2025-06-03 | N/A | 5.6 MEDIUM |
| Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. | |||||
| CVE-2022-40712 | 1 Nokia | 1 1350 Optical Management System | 2025-06-03 | N/A | 6.1 MEDIUM |
| An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. | |||||
| CVE-2022-37250 | 1 Craftcms | 1 Craft Cms | 2025-06-03 | N/A | 5.4 MEDIUM |
| Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. | |||||
| CVE-2025-5135 | 1 Project Team | 1 Tmall Demo | 2025-06-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5134 | 1 Project Team | 1 Tmall Demo | 2025-06-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5133 | 1 Project Team | 1 Tmall Demo | 2025-06-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-51099 | 1 Phpgurukul | 1 Medical Card Generation System | 2025-06-03 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter. | |||||
| CVE-2025-5181 | 1 Summerpearlgroup | 1 Vacation Rental Management Platform | 2025-06-03 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. This affects an unknown part of the file /spgpm/updateListing. The manipulation of the argument spgLsTitle leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-5179 | 1 Realcetecnologia | 1 Queue Ticket Kiosk | 2025-06-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected by this vulnerability is an unknown functionality of the file /adm/index.php of the component Cadastro de Administrador Page. The manipulation of the argument Name/Usuário leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5177 | 1 Realcetecnologia | 1 Queue Ticket Kiosk | 2025-06-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been rated as problematic. This issue affects some unknown processing of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to cross site scripting. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-21732 | 1 Flycms Project | 1 Flycms | 2025-06-03 | N/A | 6.1 MEDIUM |
| FlyCms through abbaa5a allows XSS via the permission management feature. | |||||