Latest CVE Feed
-
6.1
MEDIUMCVE-2026-0946
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1.... Read more
Affected Products : at_internet_smarttag- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2018-25132
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the tren... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-58091
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-58092
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-58094
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25393
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to th... Read more
Affected Products : smoothwall- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25385
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the ou... Read more
Affected Products : smoothwall- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-24323
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, le... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-24839
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious ifr... Read more
Affected Products : dokploy- Published: Jan. 28, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Request Forgery
-
6.1
MEDIUMCVE-2025-70958
Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, an... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-58093
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-52629
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0... Read more
Affected Products : aion- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-54157
A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL t... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-49045
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS.This issue affects Super Interactive Maps: from n/a through <= 2.3.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-54495
A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-54778
A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to t... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-69848
NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are include... Read more
Affected Products : netbox- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-21966
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allo... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
6.1
MEDIUMCVE-2025-53707
A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL ... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-53854
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting