Latest CVE Feed
-
6.1
MEDIUMCVE-2025-14007
A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack ... Read more
Affected Products : xunruicms- Published: Dec. 04, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-66459
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HT... Read more
Affected Products : lookyloo- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2023-53925
UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts wh... Read more
Affected Products : ulicms- Published: Dec. 17, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-66512
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-35322
MyNET up to v26.08 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ficheiro parameter.... Read more
Affected Products : mynet- Published: Dec. 24, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-34399
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET request and is... Read more
Affected Products : mailenable- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65442
DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malici... Read more
Affected Products : novel- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-34404
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request an... Read more
Affected Products : mailenable- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67711
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more
Affected Products : arcgis_server- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65516
A stored cross-site scripting (XSS) vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and s... Read more
Affected Products : seafile_server- Published: Dec. 04, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67986
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through <= 1.1.7.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67708
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more
Affected Products : arcgis_server- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13936
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4,... Read more
Affected Products : fireware firebox_m270 firebox_m290 firebox_m370 firebox_m390 firebox_m440 firebox_m470 firebox_m4800 firebox_m570 firebox_m5800 +25 more products- Published: Dec. 04, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67703
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more
Affected Products : arcgis_server- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-34400
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is... Read more
Affected Products : mailenable- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2023-53928
PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when... Read more
Affected Products : phpfusion- Published: Dec. 17, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-15094
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing man... Read more
Affected Products : flycms- Published: Dec. 26, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13938
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4,... Read more
Affected Products : fireware firebox_m270 firebox_m290 firebox_m370 firebox_m390 firebox_m440 firebox_m470 firebox_m4800 firebox_m570 firebox_m5800 +25 more products- Published: Dec. 04, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-14104
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-66924
A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.... Read more
Affected Products : open_source_point_of_sale- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting