Total
45575 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20246 | 1 Cisco | 1 Webex Meetings | 2025-07-14 | 6.1 Medium |
| A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user. | ||||
| CVE-2024-53679 | 1 Apache | 1 Vcl | 2025-07-14 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights. This issue affects all versions of Apache VCL through 2.5.1. Users are recommended to upgrade to version 2.5.2, which fixes the issue. | ||||
| CVE-2024-11824 | 1 Langgenius | 1 Dify | 2025-07-14 | 7.6 High |
| A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like <input> and <form> are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive information. This issue is fixed in version 0.12.1. | ||||
| CVE-2025-22243 | 2 Broadcom, Vmware | 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2025-07-14 | 7.5 High |
| VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. | ||||
| CVE-2025-22244 | 2 Broadcom, Vmware | 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2025-07-14 | 6.9 Medium |
| VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. | ||||
| CVE-2025-22245 | 2 Broadcom, Vmware | 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2025-07-14 | 5.9 Medium |
| VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. | ||||
| CVE-2025-25247 | 1 Apache | 1 Felix Webconsole | 2025-07-14 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue. | ||||
| CVE-2025-27888 | 1 Apache | 1 Druid | 2025-07-14 | 5.4 Medium |
| Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authenticated for this exploit. The management proxy is enabled in Druid's out-of-box configuration. It may be disabled to mitigate this vulnerability. If the management proxy is disabled, some web console features will not work properly, but core functionality is unaffected. Users are recommended to upgrade to Druid 31.0.2 or Druid 32.0.1, which fixes the issue. | ||||
| CVE-2024-56916 | 1 Netbox | 1 Netbox | 2025-07-13 | 6.1 Medium |
| In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger. | ||||
| CVE-2024-56917 | 1 Netbox | 1 Netbox | 2025-07-13 | 7.1 High |
| Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode. | ||||
| CVE-2025-25905 | 2 4pace, Cadclick | 2 Cadclick, Cadclick | 2025-07-13 | 7.1 High |
| Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter. | ||||
| CVE-2024-56918 | 1 Netbox | 1 Netbox | 2025-07-13 | 6.1 Medium |
| In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form. | ||||
| CVE-2025-5194 | 2 Wordpress, Wp Map Block Project | 2 Wordpress, Wp Map Block | 2025-07-13 | 4.8 Medium |
| The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-3467 | 1 Langgenius | 1 Dify | 2025-07-13 | 5.4 Medium |
| An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the monitoring/log function using Firefox, the XSS vulnerability is triggered, potentially exposing sensitive token information to the attacker. | ||||
| CVE-2025-49542 | 1 Adobe | 1 Coldfusion | 2025-07-13 | 5.2 Medium |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser, scope is changed. The vulnerable component is restricted to internal IP addresses. | ||||
| CVE-2025-49541 | 1 Adobe | 1 Coldfusion | 2025-07-13 | 4.3 Medium |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses. | ||||
| CVE-2025-49543 | 1 Adobe | 1 Coldfusion | 2025-07-13 | 4.3 Medium |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses. | ||||
| CVE-2025-49540 | 1 Adobe | 1 Coldfusion | 2025-07-13 | 4.3 Medium |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses. | ||||
| CVE-2024-43291 | 1 Voidcoders | 1 Void Contact Form 7 Widget For Elementor Page Builder | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder allows Stored XSS.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.4.1. | ||||
| CVE-2024-2245 | 1 Mozilocms | 1 Mozilocms | 2025-07-13 | 5.4 Medium |
| Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter. | ||||