VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-14
CVE-2025-33104
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.
network
high complexity
CWE-79
4.4
4.4
2025-05-13
CVE-2025-30314
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
CWE-79
6.1
6.1
2025-05-13
CVE-2025-30315
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
CWE-79
6.1
6.1
2025-05-13
CVE-2025-30316
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
CWE-79
5.4
5.4
2025-05-13
CVE-2025-43567
Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
CWE-79
critical
9.3
9.3
2025-05-13
CVE-2024-51446
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4).
network
low complexity
CWE-79
6.5
6.5
2025-05-13
CVE-2025-26662
The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script.
network
high complexity
CWE-79
4.4
4.4
2025-05-13
CVE-2025-30009
he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim?s browser.
network
low complexity
CWE-79
6.1
6.1
2025-05-13
CVE-2025-43006
SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
CWE-79
6.1
6.1
2025-05-10
CVE-2025-3878
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
«
1
(current)
2
3
4
5
...
1928
1929
»
Next