Export limit exceeded: 336799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44052 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11449 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| I, Librarian 4.10 has XSS via the notes.php notes parameter. | ||||
| CVE-2019-11359 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. | ||||
| CVE-2019-11428 | 1 Scilico | 1 I\, Librarian | 2025-12-10 | N/A |
| I, Librarian 4.10 has XSS via the export.php export_files parameter. | ||||
| CVE-2025-12705 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 7.2 High |
| The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trim_text' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.5. | ||||
| CVE-2025-14205 | 2 Code-projects, Fabian | 2 Chamber Of Commerce Membership Management System, Chamber Of Commerce Membership Management System | 2025-12-10 | 2.4 Low |
| A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-6946 | 1 Watchguard | 29 Firebox M270, Firebox M290, Firebox M370 and 26 more | 2025-12-10 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2. | ||||
| CVE-2025-13939 | 1 Watchguard | 35 Firebox M270, Firebox M290, Firebox M370 and 32 more | 2025-12-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | ||||
| CVE-2025-13938 | 1 Watchguard | 35 Firebox M270, Firebox M290, Firebox M370 and 32 more | 2025-12-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | ||||
| CVE-2025-13937 | 1 Watchguard | 35 Firebox M270, Firebox M290, Firebox M370 and 32 more | 2025-12-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | ||||
| CVE-2025-13936 | 1 Watchguard | 35 Firebox M270, Firebox M290, Firebox M370 and 32 more | 2025-12-10 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | ||||
| CVE-2025-65959 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2025-12-10 | 8.7 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37. | ||||
| CVE-2024-38156 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-12-09 | 6.1 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-35267 | 1 Microsoft | 1 Azure Devops Server | 2025-12-09 | 7.6 High |
| Azure DevOps Server Spoofing Vulnerability | ||||
| CVE-2024-35266 | 1 Microsoft | 1 Azure Devops Server | 2025-12-09 | 7.6 High |
| Azure DevOps Server Spoofing Vulnerability | ||||
| CVE-2025-14221 | 2 Oretnom23, Sourcecodester | 2 Banking System, Online Banking System | 2025-12-09 | 3.5 Low |
| A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-66514 | 1 Nextcloud | 1 Mail | 2025-12-09 | 3.5 Low |
| Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code. | ||||
| CVE-2025-46261 | 1 Castos | 1 Seriously Simple Podcasting | 2025-12-09 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0. | ||||
| CVE-2025-13604 | 2 Cleantalk, Wordpress | 2 Security & Malware Scan, Wordpress | 2025-12-09 | 7.2 High |
| The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-66554 | 1 Nextcloud | 1 Contacts | 2025-12-09 | 3.5 Low |
| Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked by the content security policy of the Nextcloud Server code. This vulnerability is fixed in 5.5.4, 6.0.6, and 7.2.5. | ||||
| CVE-2025-66512 | 1 Nextcloud | 4 Nextcloud, Nextcloud Enterprise Server, Nextcloud Server and 1 more | 2025-12-09 | 5.4 Medium |
| Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside of the Nextcloud Servers web page. | ||||