Total
38505 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47107 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-07-25 | 6.4 Medium |
| IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-46993 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2025-07-25 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46996 | 1 Adobe | 1 Experience Manager | 2025-07-25 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-47061 | 1 Adobe | 1 Experience Manager | 2025-07-25 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-6948 | 1 Gitlab | 1 Gitlab | 2025-07-25 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content. | ||||
| CVE-2025-53930 | 1 Wegia | 1 Wegia | 2025-07-25 | 5.4 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_especie.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `especie` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53929 | 1 Wegia | 1 Wegia | 2025-07-25 | 5.4 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cor.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `cor` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page `cadastro_pet.php` is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53936 | 1 Wegia | 1 Wegia | 2025-07-25 | 6.1 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `nome_car` parameter. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53935 | 1 Wegia | 1 Wegia | 2025-07-25 | 6.1 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `id` parameter. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53934 | 1 Wegia | 1 Wegia | 2025-07-25 | 5.4 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `descricao_emergencia` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53933 | 1 Wegia | 1 Wegia | 2025-07-25 | 5.4 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_enfermidade.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `nome` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53932 | 1 Wegia | 1 Wegia | 2025-07-25 | 6.1 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_adotante.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. Version 3.4.5 fixes the issue. | ||||
| CVE-2025-53931 | 1 Wegia | 1 Wegia | 2025-07-25 | 5.4 Medium |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_raca.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `raca` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue. | ||||
| CVE-2024-13325 | 1 Croberts | 1 Glossy | 2025-07-25 | 6.1 Medium |
| The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-30746 | 1 Oracle | 2 E-business Suite, Istore | 2025-07-25 | 6.1 Medium |
| Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2025-51864 | 2025-07-25 | 6.5 Medium | ||
| A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) through 2025-05-27, allowing attackers to hijack accounts through stolen JWT tokens. | ||||
| CVE-2025-51862 | 2025-07-25 | 6.1 Medium | ||
| Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) thru 2025-05-26 in its chat component. An attacker can exploit this IDOR to tamper other users' conversation. Additionally, malicious contents and XSS payloads can be injected, leading to phishing attack, user spoofing and account hijacking via XSS. | ||||
| CVE-2025-51860 | 2025-07-25 | 6.1 Medium | ||
| Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system prompt(instructing the LLM to embed XSS payload in its chat response). When a user interacts with such a malicious AI Character or just browse its profile, the script executes in the user's browser. Successful exploitation can lead to the theft of sensitive information, such as session tokens, potentially resulting in account hijacking. | ||||
| CVE-2025-51462 | 1 Infiniflow | 1 Ragflow | 2025-07-25 | 6.1 Medium |
| Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw. | ||||
| CVE-2025-43488 | 2025-07-25 | N/A | ||
| A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the latest software update. | ||||