Export limit exceeded: 46469 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46469 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10612 | 1 Gisoft | 1 City Guide | 2026-06-05 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS. This issue affects City Guide: before 1.4.45. | ||||
| CVE-2025-10727 | 1 Arksigner | 1 Acbakimzala | 2026-06-05 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4. | ||||
| CVE-2025-10876 | 1 Talentsoftware | 1 Bap Automation | 2026-06-05 | 5.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Cross-Site Scripting (XSS). This issue affects e-BAP Automation: from 1.8.96 before v.41815. | ||||
| CVE-2025-10913 | 1 Saastech Cleaning And Internet Services Inc. | 1 Temizlikyolda | 2026-06-05 | 8.3 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS). This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10914 | 1 Proliz Software | 1 Obs | 2026-06-05 | 7.6 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Reflected XSS. This issue affects OBS (Student Affairs Information System): before V26.0401. | ||||
| CVE-2025-10955 | 1 Netcad | 1 Netigma | 2026-06-05 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8. | ||||
| CVE-2026-37700 | 1 Maxsite | 1 Maxsite Cms | 2026-06-05 | 4.1 Medium |
| Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page | ||||
| CVE-2025-14773 | 1 Abb | 1 T-mac Plus | 2026-06-04 | 8 High |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||||
| CVE-2026-42849 | 1 Goauthentik | 1 Authentik | 2026-06-04 | 9.3 Critical |
| authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issue has been patched in versions 2025.12.5 and 2026.2.3. | ||||
| CVE-2026-3644 | 1 Python | 2 Cpython, Python | 2026-06-04 | 7.5 High |
| The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output(). | ||||
| CVE-2025-11950 | 2 Eduasist, Knowhy Advanced Technology Trading | 2 Eduasist, Eduasist | 2026-06-04 | 6.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS. This issue affects EduAsist: before v2.1. | ||||
| CVE-2025-11956 | 1 Proliz Software | 1 Obs | 2026-06-04 | 8.9 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS. This issue affects OBS (Student Affairs Information System): before 25.0401. | ||||
| CVE-2026-26378 | 2 Koha, Koha-community | 2 Koha, Koha | 2026-06-04 | 5.4 Medium |
| Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features | ||||
| CVE-2026-33245 | 2 Remix-run, Shopify | 2 React-router, React-router | 2026-06-04 | 8 High |
| React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS) vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not impact applications that are not using the unstable RSC APIs in React Router. This is patched in version 7.13.2. | ||||
| CVE-2026-42929 | 2 Danelec, Macgregor | 3 Macgregor Voyage Data Recorder (vdr) G4e, Interschalt Vdr G4e, Interschalt Vdr G4e Firmware | 2026-06-04 | 8.3 High |
| Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials. | ||||
| CVE-2026-7299 | 1 Appsmith | 1 Appsmith | 2026-06-04 | 6.3 Medium |
| Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other workspace members when they interact with the same datasource. | ||||
| CVE-2026-43984 | 1 Tautulli | 1 Tautulli | 2026-06-04 | 8.9 High |
| Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The administrator-only `logFile` view then reads that log file and embeds it into an HTML response without escaping. This creates a stored cross-site scripting condition where a low-privilege guest can inject HTML or JavaScript into the log file and have it execute in an administrator's browser when the log viewer is opened. Version 2.17.1 patches the issue. | ||||
| CVE-2019-25744 | 2 Popup Builder, Wordpress | 2 Popup Builder, Wordpress | 2026-06-04 | 6.4 Medium |
| WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections. | ||||
| CVE-2022-50957 | 1 Avatar Uploader Project | 1 Avatar Uploader | 2026-06-04 | 6.1 Medium |
| Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avatar_uploader.pages.inc to execute arbitrary JavaScript in victim browsers. | ||||
| CVE-2026-10810 | 1 Itsourcecode | 1 Fees Management System | 2026-06-04 | 4.3 Medium |
| A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of the argument page causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | ||||