Total
39743 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36862 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 6.1 Medium |
| Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF), potentially accessing internal network resources. An unauthenticated remote attacker can leverage these issues to execute script in a user's browser when the exported content is viewed and to disclose sensitive information reachable from the export server via SSRF. | ||||
| CVE-2020-36864 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2020-36865 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2021-47695 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.8.0 are vulnerable to stored cross-site scripting (XSS) via the My Tools page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2021-47696 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via BPI config ID handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2021-47697 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via the Views feature URL handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2021-47699 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2022-50586 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2022-50587 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) via the Apply Configuration error text. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2022-50588 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the update checking feature. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-53688 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions. | ||||
| CVE-2023-7313 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bulk Modifications tool. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-7314 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bandwidth Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-7315 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-7321 | 1 Nagios | 1 Log Server | 2025-11-05 | 5.4 Medium |
| Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in the victim’s browser within the application origin. | ||||
| CVE-2025-63442 | 1 Nababur | 1 Simple-user-management-system | 2025-11-05 | 4.6 Medium |
| Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser | ||||
| CVE-2025-50363 | 1 Phpgurukul | 1 Maid Hiring Management System | 2025-11-05 | 5.4 Medium |
| Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php va the name field. | ||||
| CVE-2019-18860 | 5 Canonical, Debian, Opensuse and 2 more | 5 Ubuntu Linux, Debian Linux, Leap and 2 more | 2025-11-05 | 6.1 Medium |
| Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | ||||
| CVE-2024-28045 | 1 Deltaww | 1 Diaenergie | 2025-11-05 | 4.6 Medium |
| Improper neutralization of input within the affected product could lead to cross-site scripting. | ||||
| CVE-2025-12324 | 2 Tablepress, Wordpress | 2 Tablepress, Wordpress | 2025-11-05 | 6.4 Medium |
| The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `table` shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||