Total: 40069 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8609 | | | 2025-11-18 | N/A | 6.4 MEDIUM |
| The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-44759 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 4.6 MEDIUM |
| Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. | |||||
| CVE-2024-30147 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 6.5 MEDIUM |
| Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. | |||||
| CVE-2024-30114 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 3.7 LOW |
| Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. | |||||
| CVE-2024-30113 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 6.3 MEDIUM |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | |||||
| CVE-2023-37534 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 7.1 HIGH |
| Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | |||||
| CVE-2025-10018 | 1 Opensolution | 1 Quick.cms | 2025-11-17 | N/A | 4.8 MEDIUM |
| QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed on every page. By default, the admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | |||||
| CVE-2025-64381 | | | 2025-11-17 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS. This issue affects Booking Calendar: from n/a through <= 10.14.7. | |||||
| CVE-2025-0583 | 1 Aenrich | 1 A\+hrd | 2025-11-17 | N/A | 6.1 MEDIUM |
| The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks. | |||||
| CVE-2025-63714 | 1 Remyandrade | 1 Modern User Account Generator | 2025-11-17 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of user-supplied input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute when clicked by users. | |||||
| CVE-2025-63639 | 1 Remyandrade | 1 Faq Bot With Ai Assistant | 2025-11-17 | N/A | 6.1 MEDIUM |
| The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing the conversation. | |||||
| CVE-2025-63638 | 1 Remyandrade | 1 Ai-powered To-do List App | 2025-11-17 | N/A | 6.1 MEDIUM |
| Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description (Optional)" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Add Task" button. | |||||
| CVE-2024-44635 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.1 MEDIUM |
| PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php. | |||||
| CVE-2025-63640 | 1 Rems | 1 Medicine Reminder App | 2025-11-17 | N/A | 6.1 MEDIUM |
| Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicking the "Save Reminder" button. | |||||
| CVE-2025-62210 | 1 Microsoft | 1 Dynamics 365 | 2025-11-17 | N/A | 8.7 HIGH |
| Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-62211 | 1 Microsoft | 1 Dynamics 365 | 2025-11-17 | N/A | 8.7 HIGH |
| Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-58964 | | | 2025-11-17 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Enzy enzy allows Reflected XSS. This issue affects Enzy: from n/a through < 1.6.4. | |||||
| CVE-2025-58638 | | | 2025-11-17 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS. This issue affects Institutions Directory: from n/a through <= 1.3.3. | |||||
| CVE-2025-59556 | | | 2025-11-17 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup GoStore gostore allows Reflected XSS. This issue affects GoStore: from n/a through < 1.6.4. | |||||
| CVE-2025-9980 | 1 Opensolution | 1 Quick.cms | 2025-11-17 | N/A | 4.8 MEDIUM |
| QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form). A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. By default, the admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | |||||
