Latest CVE Feed
-
5.4
MEDIUMCVE-2022-50585
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attac... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62402
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.... Read more
Affected Products : airflow- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2018-25121
Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-48076
Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0.... Read more
Affected Products : galette- Published: Nov. 04, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-20303
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient... Read more
Affected Products : identity_services_engine- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-20304
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient... Read more
Affected Products : identity_services_engine- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2016-15049
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlle... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2016-15051
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and e... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-49390
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS.This issue affects Cookie Notice & Consent: from n/a through <= 1.6.4.... Read more
Affected Products : cookie_notice_\&_consent- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-53324
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through <= 1.5.7.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2020-36860
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting (XSS) vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacke... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2020-36861
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting (XSS) vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping o... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2021-47689
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting (XSS) vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insuffici... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2021-47690
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to in... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-55155
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in ... Read more
Affected Products : mantisbt- Published: Nov. 04, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2020-36866
Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-36135
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an a... Read more
- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-63449
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.... Read more
Affected Products : water_management_system- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-12908
Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more
Affected Products : chrome- Published: Nov. 08, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2025-62430
ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Produ... Read more
Affected Products : clipbucket- Published: Oct. 17, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Cross-Site Scripting