Total
40727 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0583 | 1 Aenrich | 1 A\+hrd | 2025-11-17 | 6.1 Medium |
| The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | ||||
| CVE-2025-63714 | 2 Remyandrade, Sourcecodester | 2 Modern User Account Generator, User Account Generator | 2025-11-17 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of user-supplied input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute when clicked by users. | ||||
| CVE-2025-63639 | 2 Remyandrade, Sourcecodester | 2 Faq Bot With Ai Assistant, Faq Bot With Ai Assistant | 2025-11-17 | 6.1 Medium |
| The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation. | ||||
| CVE-2025-63638 | 2 Remyandrade, Sourcecodester | 2 Ai-powered To-do List App, Ai Powered To Do List App | 2025-11-17 | 6.1 Medium |
| Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button. | ||||
| CVE-2024-44635 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.1 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php. | ||||
| CVE-2024-14001 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2024-14000 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Capacity Planning Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2024-13993 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 6.1 Medium |
| Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI origin. The issue is observable under legacy browser behaviors; modern browsers may mitigate some vectors. | ||||
| CVE-2024-13992 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site scripting (XSS) when a user visits the "missing page" (404) page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI domain. | ||||
| CVE-2023-7318 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to < 2024R1.0.2 are vulnerable to cross-site scripting (XSS) via the Nagios Core Command Expansion page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-7316 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-7315 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-7314 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bandwidth Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-7313 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bulk Modifications tool. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-53688 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions. | ||||
| CVE-2022-50588 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the update checking feature. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2022-50587 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) via the Apply Configuration error text. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2022-50586 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2022-50585 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2022-50584 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 5.4 Medium |
| The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||