Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: xss Clear
ID Title
CVE-2026-42239 Vulnerability in @budibase/backend-core (CVE-2026-42239)
vulnerability in @budibase/backend-core (CVE-2026-42239). Confidential information can be exposed externally. Exploitable via ``document.cookie``. Mitigation: upgrade to `3.35.10` or later.
CVE-2026-3007 Cross-Site Scripting (XSS) in CVE-2026-3007 (CVE-2026-3007)
cross-site scripting in CVE-2026-3007 (CVE-2026-3007). Risk of unauthorized operations or information disclosure.
CVE-2026-41650 Vulnerability in fast-xml-parser (CVE-2026-41650)
vulnerability in fast-xml-parser (CVE-2026-41650). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.7.0` or later.
CVE-2018-25269 Cross-Site Scripting (XSS) in icewarp (CVE-2018-25269)
cross-site scripting in icewarp (CVE-2018-25269). Risk of unauthorized operations or information disclosure.
CVE-2026-40451 Cross-Site Scripting (XSS) in CVE-2026-40451 (CVE-2026-40451)
cross-site scripting in CVE-2026-40451 (CVE-2026-40451). Risk of unauthorized operations or information disclosure.
CVE-2025-10354 Cross-Site Scripting (XSS) in CVE-2025-10354 (CVE-2025-10354)
cross-site scripting in CVE-2025-10354 (CVE-2025-10354). Risk of unauthorized operations or information disclosure.
CVE-2026-3317 Cross-Site Scripting (XSS) in CVE-2026-3317 (CVE-2026-3317)
cross-site scripting in CVE-2026-3317 (CVE-2026-3317). Risk of unauthorized operations or information disclosure.
CVE-2024-7083 Cross-Site Scripting (XSS) in wordpress (CVE-2024-7083)
cross-site scripting in wordpress (CVE-2024-7083). Risk of unauthorized operations or information disclosure.
CVE-2025-48700 KEV [KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-2749 KEV [KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)
path traversal in Kentico path-traversal (CVE-2025-2749). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-33436 Vulnerability in stirlingpdf (CVE-2026-33436)
vulnerability in stirlingpdf (CVE-2026-33436). Risk of unauthorized operations or information disclosure.
CVE-2025-40899 Cross-Site Scripting (XSS) in c (CVE-2025-40899)
cross-site scripting in c (CVE-2025-40899). Data can be tampered with by attackers.
CVE-2026-26291 Cross-Site Scripting (XSS) in CVE-2026-26291 (CVE-2026-26291)
cross-site scripting in CVE-2026-26291 (CVE-2026-26291). Risk of unauthorized operations or information disclosure.
CVE-2025-65134 Cross-Site Scripting (XSS) in CVE-2025-65134 (CVE-2025-65134)
cross-site scripting in CVE-2025-65134 (CVE-2025-65134). Risk of unauthorized operations or information disclosure.
CVE-2026-37980 Cross-Site Scripting (XSS) in redhat (CVE-2026-37980)
cross-site scripting in redhat (CVE-2026-37980). Confidential information can be exposed externally. Exploitable via ``organization.alias``.
CVE-2025-63743 Cross-Site Scripting (XSS) in CVE-2025-63743 (CVE-2025-63743)
cross-site scripting in CVE-2025-63743 (CVE-2025-63743). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.3.2` or later.
CVE-2026-6179 Cross-Site Scripting (XSS) in fptsoftware (CVE-2026-6179)
cross-site scripting in fptsoftware (CVE-2026-6179). Risk of unauthorized operations or information disclosure.
CVE-2026-31845 Cross-Site Scripting (XSS) in CVE-2026-31845 (CVE-2026-31845)
cross-site scripting in CVE-2026-31845 (CVE-2026-31845). Confidential information can be exposed externally.
CVE-2026-21904 Cross-Site Scripting (XSS) in juniper (CVE-2026-21904)
cross-site scripting in juniper (CVE-2026-21904). Risk of unauthorized operations or information disclosure.
CVE-2025-70365 Cross-Site Scripting (XSS) in c (CVE-2025-70365)
cross-site scripting in c (CVE-2025-70365). Risk of unauthorized operations or information disclosure.
CVE-2026-22675 Cross-Site Scripting (XSS) in ocsinventory-ng (CVE-2026-22675)
cross-site scripting in ocsinventory-ng (CVE-2026-22675). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
CVE-2026-31313 Cross-Site Scripting (XSS) in feehi (CVE-2026-31313)
cross-site scripting in feehi (CVE-2026-31313). Risk of unauthorized operations or information disclosure.
CVE-2018-25247 Cross-Site Scripting (XSS) in mybb (CVE-2018-25247)
cross-site scripting in mybb (CVE-2018-25247). Risk of unauthorized operations or information disclosure.
CVE-2026-34780 Vulnerability in electronjs (CVE-2026-34780)
vulnerability in electronjs (CVE-2026-34780). Successful exploitation can lead to full system takeover.
CVE-2026-47099 Cross-Site Scripting (XSS) in telejson (CVE-2026-47099)
cross-site scripting in telejson (CVE-2026-47099). Risk of unauthorized operations or information disclosure. Exploitable via ``postMessage``. Mitigation: upgrade to `6.0.0` or later.
CVE-2026-35466 Cross-Site Scripting (XSS) in cmu (CVE-2026-35466)
cross-site scripting in cmu (CVE-2026-35466). Risk of unauthorized operations or information disclosure.
CVE-2026-30526 Cross-Site Scripting (XSS) in pushpam02 (CVE-2026-30526)
cross-site scripting in pushpam02 (CVE-2026-30526). Risk of unauthorized operations or information disclosure.
CVE-2026-29598 Cross-Site Scripting (XSS) in CVE-2026-29598 (CVE-2026-29598)
cross-site scripting in CVE-2026-29598 (CVE-2026-29598). Risk of unauthorized operations or information disclosure.
CVE-2026-30082 Cross-Site Scripting (XSS) in CVE-2026-30082 (CVE-2026-30082)
cross-site scripting in CVE-2026-30082 (CVE-2026-30082). Risk of unauthorized operations or information disclosure.
CVE-2026-30567 Cross-Site Scripting (XSS) in ahsanriaz26gmailcom (CVE-2026-30567)
cross-site scripting in ahsanriaz26gmailcom (CVE-2026-30567). Risk of unauthorized operations or information disclosure.
CVE-2026-56358 Cross-Site Scripting (XSS) in n8n (CVE-2026-56358)
cross-site scripting in n8n (CVE-2026-56358). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `1.123.25` or later.
CVE-2026-5010 Cross-Site Scripting (XSS) in CVE-2026-5010 (CVE-2026-5010)
cross-site scripting in CVE-2026-5010 (CVE-2026-5010). Risk of unauthorized operations or information disclosure.
CVE-2026-33758 Vulnerability in openbao (CVE-2026-33758)
vulnerability in openbao (CVE-2026-33758). Risk of unauthorized operations or information disclosure. Exploitable via ``error_description``.
CVE-2025-61190 Cross-Site Scripting (XSS) in lyrasis (CVE-2025-61190)
cross-site scripting in lyrasis (CVE-2025-61190). Risk of unauthorized operations or information disclosure.
CVE-2026-32859 Cross-Site Scripting (XSS) in CVE-2026-32859 (CVE-2026-32859)
cross-site scripting in CVE-2026-32859 (CVE-2026-32859). Risk of unauthorized operations or information disclosure.
CVE-2026-33559 Cross-Site Scripting (XSS) in wordpress (CVE-2026-33559)
cross-site scripting in wordpress (CVE-2026-33559). Risk of unauthorized operations or information disclosure.
CVE-2026-29934 Cross-Site Scripting (XSS) in lightcms-project (CVE-2026-29934)
cross-site scripting in lightcms-project (CVE-2026-29934). Risk of unauthorized operations or information disclosure.
CVE-2026-30587 Cross-Site Scripting (XSS) in seafile (CVE-2026-30587)
cross-site scripting in seafile (CVE-2026-30587). Confidential information can be exposed externally. Mitigation: upgrade to `13.0.17` or later.
CVE-2026-33331 Cross-Site Scripting (XSS) in orpc (CVE-2026-33331)
cross-site scripting in orpc (CVE-2026-33331). Confidential information can be exposed externally.
CVE-2026-32851 Cross-Site Scripting (XSS) in mailenable (CVE-2026-32851)
cross-site scripting in mailenable (CVE-2026-32851). Risk of unauthorized operations or information disclosure.
CVE-2025-52204 Cross-Site Scripting (XSS) in CVE-2025-52204 (CVE-2025-52204)
cross-site scripting in CVE-2025-52204 (CVE-2025-52204). Risk of unauthorized operations or information disclosure.
CVE-2025-63260 Cross-Site Scripting (XSS) in syncfusion (CVE-2025-63260)
cross-site scripting in syncfusion (CVE-2025-63260). Risk of unauthorized operations or information disclosure.
CVE-2026-22895 Cross-Site Scripting (XSS) in qnap (CVE-2026-22895)
cross-site scripting in qnap (CVE-2026-22895). Risk of unauthorized operations or information disclosure.
CVE-2026-30695 Cross-Site Scripting (XSS) in CVE-2026-30695 (CVE-2026-30695)
cross-site scripting in CVE-2026-30695 (CVE-2026-30695). Risk of unauthorized operations or information disclosure.
CVE-2025-2274 Cross-Site Scripting (XSS) in forcepoint (CVE-2025-2274)
cross-site scripting in forcepoint (CVE-2025-2274). Risk of unauthorized operations or information disclosure.
CVE-2016-20032 Cross-Site Scripting (XSS) in CVE-2016-20032 (CVE-2016-20032)
cross-site scripting in CVE-2016-20032 (CVE-2016-20032). Risk of unauthorized operations or information disclosure.
CVE-2016-20027 Cross-Site Scripting (XSS) in CVE-2016-20027 (CVE-2016-20027)
cross-site scripting in CVE-2016-20027 (CVE-2016-20027). Risk of unauthorized operations or information disclosure.
CVE-2025-13702 Cross-Site Scripting (XSS) in ibm (CVE-2025-13702)
cross-site scripting in ibm (CVE-2025-13702). Risk of unauthorized operations or information disclosure.
CVE-2026-20117 Cross-Site Scripting (XSS) in express (CVE-2026-20117)
cross-site scripting in express (CVE-2026-20117). Risk of unauthorized operations or information disclosure.
CVE-2025-13902 Cross-Site Scripting (XSS) in schneider-electric (CVE-2025-13902)
cross-site scripting in schneider-electric (CVE-2025-13902). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →