Total: 40773 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1213 | 1 Pihome | 1 Maxair | 2025-10-17 | 3.5 Low |
| A vulnerability was found in pihome-shc PiHome 1.77. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48569 | 1 Aci Worldwide | 1 Proactive Risk Manager | 2025-10-17 | 5.4 Medium |
| Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the urls starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/ | ||||
| CVE-2024-47854 | 1 Veritas | 1 Data Insight | 2025-10-17 | 6.1 Medium |
| An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. | ||||
| CVE-2025-57877 | 1 Esri | 1 Portal For Arcgis | 2025-10-17 | 4.8 Medium |
| There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser. | ||||
| CVE-2025-57876 | 1 Esri | 1 Portal For Arcgis | 2025-10-17 | 4.8 Medium |
| There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. | ||||
| CVE-2025-57875 | 1 Esri | 1 Portal For Arcgis | 2025-10-17 | 4.8 Medium |
| There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser. | ||||
| CVE-2025-57874 | 1 Esri | 1 Portal For Arcgis | 2025-10-17 | 4.8 Medium |
| There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser. | ||||
| CVE-2025-57873 | 1 Esri | 1 Portal For Arcgis | 2025-10-17 | 4.8 Medium |
| There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser. | ||||
| CVE-2025-57871 | 1 Esri | 1 Portal For Arcgis | 2025-10-17 | 4.8 Medium |
| There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser. | ||||
| CVE-2025-54089 | 1 Absolute | 1 Secure Access | 2025-10-16 | 3.4 Low |
| CVE-2025-54089 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability; there is a low impact to integrity. | ||||
| CVE-2025-56807 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-10-16 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders. | ||||
| CVE-2025-11146 | 1 Apt-cacher-ng Project | 1 Apt-cacher-ng | 2025-10-16 | 5.4 Medium |
| Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”. | ||||
| CVE-2025-11147 | 1 Apt-cacher-ng Project | 1 Apt-cacher-ng | 2025-10-16 | 5.4 Medium |
| Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/<filename>.html”. | ||||
| CVE-2025-55996 | 2 Rakuten, Viber | 2 Viber, Desktop | 2025-10-16 | 6.3 Medium |
| Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface. | ||||
| CVE-2025-56795 | 1 Mealie | 1 Mealie | 2025-10-16 | 9 Critical |
| Mealie 3.0.1 and earlier is vulnerable to Stored Cross-Site Scripting (XSS) in the recipe creation functionality. Unsanitized user input in the "note" and "text" fields of the "/api/recipes/{recipe_name}" endpoint is rendered in the frontend without proper escaping leading to persistent XSS. | ||||
| CVE-2025-45585 | 1 Audi | 2 Universal Traffic Recorder, Universal Traffic Recorder Firmware | 2025-10-16 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Audi UTR 2.0 Universal Traffic Recorder 2.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the wifi_sta_ssid or wifi_ap_ssid parameters. | ||||
| CVE-2025-10367 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2025-10-16 | 3.5 Low |
| A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-60304 | 2 Code-projects, Fabian | 2 Simple Scheduling System, Simple Scheduling System | 2025-10-16 | 6.1 Medium |
| code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field. | ||||
| CVE-2025-10368 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2025-10-16 | 3.5 Low |
| A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10369 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2025-10-16 | 3.5 Low |
| A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||