Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41041 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]', 'data[lang][0][key]', 'data[lang][0][value]', 'data[lang][1][key]' and 'data[title]' parameters in /apprain/developer/language/default.xml.
|
|||||
| CVE-2025-41042 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]', 'data[Option][subject]' and 'data[Option][templatetype]' parameters in /apprain/information/manage/emailtemplate/add.
|
|||||
| CVE-2025-41043 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/appreport/manage/.
|
|||||
| CVE-2025-41044 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]' parameter in /apprain/page/manage-static-pages/create.
|
|||||
| CVE-2025-41045 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]' parameter in /apprain/admin/config/ethical.
|
|||||
| CVE-2025-41046 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/960grid.
|
|||||
| CVE-2025-41047 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/ace.
|
|||||
| CVE-2025-41048 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/admin.
|
|||||
| CVE-2025-41049 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/appform.
|
|||||
| CVE-2025-41050 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/base_libs.
|
|||||
| CVE-2025-41051 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/bootstrap.
|
|||||
| CVE-2025-57425 | 1 Remyandrade | 1 Faq Management System | 2025-09-04 | N/A | 6.1 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint.
|
|||||
| CVE-2025-9652 | 1 Portabilis | 1 I-educar | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-9653 | 1 Portabilis | 1 I-educar | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-41054 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/cycle.
|
|||||
| CVE-2025-9939 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
|
A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /propertyview.php. Such manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-9940 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was detected in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-41052 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/canvasjs.
|
|||||
| CVE-2025-41053 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/commonresource.
|
|||||
| CVE-2025-57151 | 1 Phpgurukul | 1 Complaint Management System | 2025-09-04 | N/A | 8.8 HIGH |
|
phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter.
|
|||||
| CVE-2025-57150 | 1 Phpgurukul | 1 Complaint Management System | 2025-09-04 | N/A | 7.2 HIGH |
|
phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter.
|
|||||
| CVE-2025-41055 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/dialogs.
|
|||||
| CVE-2025-41056 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/hysontable.
|
|||||
| CVE-2025-41057 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/rich_text_editor.
|
|||||
| CVE-2025-41058 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/row_manager.
|
|||||
| CVE-2025-41059 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tablesorter.
|
|||||
| CVE-2025-41060 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/tree.
|
|||||
| CVE-2025-41061 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and 'data[Addon][layouts_except]' parameters in /apprain/developer/addons/update/uploadify.
|
|||||
| CVE-2025-41062 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in /apprain/developer/addons.
|
|||||
| CVE-2025-41063 | 1 Apprain | 1 Apprain | 2025-09-04 | N/A | 5.4 MEDIUM |
|
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db.
|
|||||
| CVE-2025-31476 | 2 Amauri, Tacjs Project | 2 Tarteaucitronjs, Tacjs | 2025-09-04 | N/A | 4.8 MEDIUM |
|
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert(). Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript execution if a user clicked on a malicious link. An attacker with high privileges could insert a link exploiting an insecure URL scheme, ...
|
|||||
| CVE-2024-53277 | 1 Silverstripe | 1 Framework | 2025-09-04 | N/A | 5.4 MEDIUM |
|
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstrip ...
|
|||||
| CVE-2025-30148 | 1 Silverstripe | 1 Framework | 2025-09-04 | N/A | 5.4 MEDIUM |
|
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed ...
|
|||||
| CVE-2025-9796 | 1 Jeesite | 1 Jeesite | 2025-09-04 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.
|
|||||
| CVE-2024-45176 | 1 C-mor | 1 C-mor Video Surveillance | 2025-09-04 | N/A | 6.1 MEDIUM |
|
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation.
|
|||||
| CVE-2024-45177 | 1 C-mor | 1 C-mor Video Surveillance | 2025-09-04 | N/A | 5.4 MEDIUM |
|
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site scripting attack due to insufficient user input validation.
|
|||||
| CVE-2025-9773 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.
|
|||||
| CVE-2024-48057 | 1 Mudler | 1 Localai | 2025-09-04 | N/A | 6.1 MEDIUM |
|
localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.
|
|||||
| CVE-2025-48992 | 1 Intermesh | 1 Group-office | 2025-09-04 | N/A | 4.8 MEDIUM |
|
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a JavaScript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.
|
|||||
| CVE-2025-48993 | 1 Intermesh | 1 Group-office | 2025-09-04 | N/A | 6.1 MEDIUM |
|
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a reflected cross-site scripting (XSS) attack. This issue has been patched in versions 6.8.123 and 25.0.27.
|
|||||