Latest CVE Feed
-
5.4
MEDIUMCVE-2025-63450
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.... Read more
- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-64149
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentia... Read more
Affected Products : publish_to_bitbucket- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2025-6639
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignm... Read more
Affected Products :- Published: Oct. 25, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-57244
OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tag... Read more
Affected Products : openkm- Published: Nov. 05, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-10727
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS.This issue affects AcBakImzala: before v5.1.4.... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-62402
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.... Read more
Affected Products : airflow- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-34278
Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page (percentile calculator menu). An attacker can supply a malicious payload which is stored by the application and later rend... Read more
Affected Products : network_analyzer- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2023-7323
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2022-50585
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attac... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2011-10040
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbit... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2011-10038
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the recurring downtime script of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary scri... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-63449
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.... Read more
Affected Products : water_management_system- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-20303
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient... Read more
Affected Products : identity_services_engine- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-20304
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient... Read more
Affected Products : identity_services_engine- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2021-47698
Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling (escape_string()). Insufficient validation or escaping of user-supplied input may allow an attacker to inject an... Read more
- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2018-25121
Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-8558
Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licens... Read more
Affected Products : insider_threat_management_server- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-12280
A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The ... Read more
- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-34317
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME parameter when adding a new DNS entry. When a user... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting