Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57498 | 1 Forestblog Project | 1 Forestblog | 2025-06-13 | N/A | 4.8 MEDIUM |
|
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.
|
|||||
| CVE-2025-46982 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2018-16210 | 1 Wago | 28 750-352, 750-352 Firmware, 750-362 and 25 more | 2025-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
|
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
|
|||||
| CVE-2022-45064 | 1 Apache | 1 Apache Sling Engine | 2025-06-13 | N/A | 8.0 HIGH |
|
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.
Please update to Apache Sling Engine >= 2.14.0 and enable the "Check ...
Show More |
|||||
| CVE-2025-46981 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46979 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46978 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46977 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46976 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-44115 | 1 Cotonti | 1 Cotonti Siena | 2025-06-13 | N/A | 5.4 MEDIUM |
|
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
|
|||||
| CVE-2024-32405 | 1 Inducer | 1 Relate | 2025-06-13 | N/A | 2.6 LOW |
|
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.
|
|||||
| CVE-2024-57529 | 1 Jeppesen | 1 Jetplanner | 2025-06-13 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
|
|||||
| CVE-2024-39174 | 1 Yzmcms | 1 Yzmcms | 2025-06-13 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article.
|
|||||
| CVE-2024-37674 | 1 Moodle | 1 Moodle | 2025-06-13 | N/A | 5.5 MEDIUM |
|
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
|
|||||
| CVE-2025-46983 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46984 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46985 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46986 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46987 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46988 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2024-52770 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | N/A | 9.8 CRITICAL |
|
An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.
|
|||||
| CVE-2024-34243 | 1 Pantsel | 1 Konga | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter.
|
|||||
| CVE-2025-46837 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 8.7 HIGH |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
|
|||||
| CVE-2025-46838 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46841 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46842 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46843 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46844 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46845 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46846 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46847 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46848 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46850 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46851 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46874 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2025-46875 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2025-46876 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46877 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46878 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2025-46879 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
|
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||