Total
37283 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7142 | 2025-07-07 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/search-appointment.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-53491 | 2025-07-07 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - FlaggedRevs Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - FlaggedRevs Extension: from 1.43.X before 1.43.2. | ||||
| CVE-2025-53487 | 2025-07-07 | N/A | ||
| The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message keys to be rendered unescaped. This issue affects Mediawiki - ApprovedRevs extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||
| CVE-2025-7141 | 2025-07-07 | 2.4 Low | ||
| A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /panel/edit_plan.php of the component Update Staff Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7140 | 2025-07-07 | 2.4 Low | ||
| A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7139 | 2025-07-07 | 2.4 Low | ||
| A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /panel/edit-customer-detailed.php of the component Update Customer Details Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-53488 | 2025-07-07 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - WikiHiero Extension allows Stored XSS.This issue affects Mediawiki - WikiHiero Extension: from 1.43.X before 1.43.2. | ||||
| CVE-2025-53478 | 2025-07-07 | N/A | ||
| The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||
| CVE-2025-53486 | 2025-07-07 | N/A | ||
| The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the {{#tag:tagcloud}} parser function, resulting in arbitrary JavaScript execution when a victim hovers over a link in the category cloud. The vulnerability exists because the linkstyle parameter is only passed through Sanitizer::checkCss() (which does not escape HTML) and is then directly inserted into a style attribute using string concatenation instead of Html::element or Html::openElement. This issue affects Mediawiki - WikiCategoryTagCloud extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||
| CVE-2025-7057 | 2025-07-07 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Quiz Extension allows Stored XSS.This issue affects Mediawiki - Quiz Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||
| CVE-2025-53496 | 2025-07-07 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MediaSearch Extension allows Stored XSS.This issue affects Mediawiki - MediaSearch Extension: from 1.39.X before 1.39.13, from 1.43.X before 1.43.2. | ||||
| CVE-2025-53370 | 2025-07-07 | 8.6 High | ||
| Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0. | ||||
| CVE-2025-6538 | 1 Bourgesloic | 1 Post Rating And Review | 2025-07-07 | 6.4 Medium |
| The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-40846 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 4.8 Medium |
| In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. | ||||
| CVE-2022-40844 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 5.4 Medium |
| In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body. | ||||
| CVE-2025-40733 | 1 Code-projects | 1 Daily Expense Manager | 2025-07-07 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php. | ||||
| CVE-2025-40734 | 1 Code-projects | 1 Daily Expense Manager | 2025-07-07 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php. | ||||
| CVE-2025-25929 | 1 Openmrs | 1 Openmrs | 2025-07-07 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter. | ||||
| CVE-2024-52702 | 1 Mybb | 1 Mybb | 2025-07-07 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. | ||||
| CVE-2025-28971 | 2025-07-07 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CWD Web Designer Easy Elements Hider allows Stored XSS. This issue affects Easy Elements Hider: from n/a through 2.0. | ||||