Total
40765 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5631 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2025-10-30 | 6.1 Medium |
| Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. | ||||
| CVE-2025-12333 | 2 Code-projects, Fabian | 2 E-commerce Website, E-commerce Website | 2025-10-30 | 4.3 Medium |
| A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-50055 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2025-10-30 | 6.4 Medium |
| Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter | ||||
| CVE-2025-2161 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-30 | 7.1 High |
| Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup | ||||
| CVE-2025-2160 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-30 | 8.1 High |
| Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup | ||||
| CVE-2025-32809 | 1 Wwnorton | 1 Inquizitive | 2025-10-30 | 6.4 Medium |
| W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choice_fb[], or question_id. | ||||
| CVE-2025-8848 | 1 Librechat | 1 Librechat | 2025-10-30 | 5.4 Medium |
| A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the <html lang=""> tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks. | ||||
| CVE-2025-11819 | 1 Wordpress | 1 Wordpress | 2025-10-30 | 6.4 Medium |
| The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-36800 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Dynamics Finance and Operations Cross-site Scripting Vulnerability | ||||
| CVE-2023-38164 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-36886 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2025-62528 | 1 Taguette | 1 Taguette | 2025-10-30 | 5.4 Medium |
| Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0. | ||||
| CVE-2025-10869 | 1 Oct8ne | 1 Chatbot | 2025-10-30 | 6.1 Medium |
| Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through /Data/SaveInteractions. | ||||
| CVE-2025-55033 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.1 Medium |
| Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142. | ||||
| CVE-2024-43573 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-30 | 6.5 Medium |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2024-12374 | 1 Automatic1111 | 1 Stable-diffusion-webui | 2025-10-30 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser. | ||||
| CVE-2025-60983 | 1 Rubikon | 1 Banking Solution | 2025-10-30 | 5.4 Medium |
| Reflected Cross Site Scripting vulnerability in Rubikon Banking Solution 4.0.3 in the "Search For Customers Information" endpoints. | ||||
| CVE-2025-10023 | 1 Centreon | 1 Centreon | 2025-10-30 | 6.2 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26. | ||||
| CVE-2025-12289 | 1 Sui Shang Information Technology | 1 Multi-user Mall System | 2025-10-30 | 4.3 Medium |
| A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipulation of the argument category_id can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12290 | 1 Sui Shang Information Technology | 1 Multi-user Mall System | 2025-10-30 | 4.3 Medium |
| A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||