Latest CVE Feed
-
5.4
MEDIUMCVE-2020-36864
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the ... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2021-47691
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities via the Services page affecting the config_name and service_description fields. Insufficient validation o... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-34306
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP searc... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-34303
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNORE_ENTRY_REMARK parameter when adding a whitelisted host. W... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2016-15053
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-63443
School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.... Read more
Affected Products :- Published: Nov. 03, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-36121
IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more
Affected Products : openpages- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-33110
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more
Affected Products : openpages_with_watson- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2023-7316
Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a v... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-7704
Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-62917
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS.This issue affects Tooltipy: from n/a through <= 5.5.9.... Read more
Affected Products : tooltipy- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2024-14000
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Capacity Planning Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the ... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-64132
Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-64285
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-61994
Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page.... Read more
Affected Products : growi- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-12110
A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where ... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-12906
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more
Affected Products : chrome- Published: Nov. 08, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2025-53324
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through <= 1.5.7.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2011-10036
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of the "backend_url" JavaScript link. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary scrip... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2011-10037
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inj... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting