Total
38988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10367 | 1 Sourcefabric | 1 Rpi-jukebox-rfid | 2025-10-16 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-60302 | 1 Code-projects | 1 Client Details System | 2025-10-16 | N/A | 6.1 MEDIUM |
| code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field. | |||||
| CVE-2025-60304 | 1 Fabian | 1 Simple Scheduling System | 2025-10-16 | N/A | 6.1 MEDIUM |
| code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field. | |||||
| CVE-2025-10368 | 1 Sourcefabric | 1 Rpi-jukebox-rfid | 2025-10-16 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10369 | 1 Sourcefabric | 1 Rpi-jukebox-rfid | 2025-10-16 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-40772 | 1 Siemens | 1 Sipass Integrated | 2025-10-16 | N/A | 7.4 HIGH |
| A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation. | |||||
| CVE-2024-13902 | 1 Huang-yk | 1 Student-manage | 2025-10-15 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9550 | 2025-10-15 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1. | |||||
| CVE-2024-13213 | 1 Singmr | 1 Houserent | 2025-10-15 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-56515 | 1 Suisuijiang | 1 Fiora | 2025-10-15 | N/A | 8.8 HIGH |
| File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers (onmouseover) to be uploaded and stored. When rendered, these SVG files execute arbitrary JavaScript, enabling attackers to steal user sessions, cookies, and perform unauthorized actions in the context of users viewing affected profiles. | |||||
| CVE-2025-56243 | 1 Puneethreddyhc | 1 Event Management System | 2025-10-15 | N/A | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the event_id GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into this parameter. | |||||
| CVE-2025-56382 | 1 Lion-coders | 1 Salepro Pos | 2025-10-15 | N/A | 6.1 MEDIUM |
| A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing customer profiles. This malicious input is improperly sanitized before storage and subsequent rendering, leading to script execution in the browsers of users who view the affected customer details. | |||||
| CVE-2025-46545 | 1 Sherparpa | 1 Sherpa Orchestrator | 2025-10-15 | N/A | 4.4 MEDIUM |
| In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires. | |||||
| CVE-2024-1146 | 1 Alma | 1 Alma Blog | 2025-10-15 | N/A | 5.8 MEDIUM |
| Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'. | |||||
| CVE-2024-2726 | 1 Atisoluciones | 1 Ciges | 2025-10-15 | N/A | 6.1 MEDIUM |
| Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration. | |||||
| CVE-2024-2727 | 1 Atisoluciones | 1 Ciges | 2025-10-15 | N/A | 6.1 MEDIUM |
| HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. | |||||
| CVE-2025-31366 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortisase | 2025-10-15 | N/A | 4.7 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions; FortiSASE 25.3.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) via crafted HTTP requests. | |||||
| CVE-2025-2868 | 1 Oretnom23 | 1 Clinic Queuing System | 2025-10-15 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php. | |||||
| CVE-2025-2869 | 1 Oretnom23 | 1 Clinic Queuing System | 2025-10-15 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manage_user.php. | |||||
| CVE-2025-2870 | 1 Oretnom23 | 1 Clinic Queuing System | 2025-10-15 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patient_side.php. | |||||