Filtered by CWE-79
Total 45425 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43362 1 Cacti 1 Cacti 2025-11-03 7.3 High
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.
CVE-2024-27306 3 Aiohttp, Fedoraproject, Redhat 6 Aiohttp, Fedora, Ansible Automation Platform and 3 more 2025-11-03 6.1 Medium
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.
CVE-2025-53084 1 Wwbn 1 Avideo 2025-11-03 9 Critical
A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
CVE-2025-52187 1 Getprojects 1 Create School Management System 2025-11-03 8.2 High
GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in my_profile_update_form1.php.
CVE-2025-50128 1 Wwbn 1 Avideo 2025-11-03 9.6 Critical
A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
CVE-2025-46410 1 Wwbn 1 Avideo 2025-11-03 9.6 Critical
A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
CVE-2025-41420 1 Wwbn 1 Avideo 2025-11-03 9.6 Critical
A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
CVE-2025-36548 1 Wwbn 1 Avideo 2025-11-03 8.3 High
A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
CVE-2025-32731 1 Meddream 2 Pacs Premium, Pacs Server 2025-11-03 6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-30087 1 Bestpractical 1 Request Tracker 2025-11-03 7.2 High
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
CVE-2025-27679 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Badge Registration V-2023-005.
CVE-2025-27676 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002.
CVE-2025-27654 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017.
CVE-2025-27653 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012.
CVE-2025-27637 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-11-03 6.1 Medium
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016.
CVE-2025-26065 1 Intelbras 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more 2025-11-03 7.3 High
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network.
CVE-2025-26064 1 Intelbras 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more 2025-11-03 7.3 High
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device.
CVE-2024-56527 1 Tcpdf Project 1 Tcpdf 2025-11-03 7.5 High
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.
CVE-2024-56519 1 Tcpdf Project 1 Tcpdf 2025-11-03 7.5 High
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
CVE-2024-47093 1 Nagvis 1 Nagvis 2025-11-03 8.8 High
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS