Latest CVE Feed
-
6.1
MEDIUMCVE-2022-50681
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in us... Read more
Affected Products : xperience- Published: Dec. 18, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65592
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenev... Read more
Affected Products : nopcommerce- Published: Dec. 16, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-34440
AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.... Read more
Affected Products : avideo- Published: Dec. 17, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2021-47733
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like ')-alert(1)// and execute arbitrary JavaScript w... Read more
Affected Products : cmsimple- Published: Dec. 23, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-14151
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound_resource' parameter in the slimtrack AJAX action in all versions up to, and including, 5.3.2. This is due to insufficient input sanitization and out... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-45286
A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more
Affected Products : go-httpbin- Published: Jan. 02, 2026
- Modified: Jan. 07, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-15144
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cro... Read more
Affected Products : xunruicms- Published: Dec. 28, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65233
Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF' ] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a cr... Read more
Affected Products : slims- Published: Dec. 17, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-61674
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission cou... Read more
Affected Products : october- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-61676
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerabilities was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission... Read more
Affected Products : october- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13892
The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possibl... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13893
The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible ... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-0405
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-68457
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding `javascript:` code within data attributes. When consenting to the related purpose, Orejime wo... Read more
Affected Products : orejime- Published: Dec. 19, 2025
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2021-47750
YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary ... Read more
Affected Products : youphptube- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2020-36919
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-68970
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2022-50896
Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaS... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67833
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-69268
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.... Read more
- Published: Jan. 12, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting