CVE-2025-37732

CVE-2025-37732 is a Kibana Cross-site Scripting (XSS) vulnerability via the Integration Package Upload Functionality. The root cause is improper neutralization of input during web page generation (CWE-79). An authenticated user can cause HTML tags to be rendered in a user’s browser, leading to HT...

CVE-2025-63061

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hogash KALLYAS kallyas allows DOM-Based XSS.This issue affects KALLYAS: from n/a through 4.25.0...

CVE-2025-64672

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVE-2025-63044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through = 1.4.19.1...

CVE-2025-67545

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through = 3.1.0-free...

CVE-2025-13127 XSS in TACAS Consulting's GoldenHorn

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting XSS. This issue affects GoldenHorn: before 4.25.1121.1...

TAC GoldenHorn 跨站脚本漏洞

TAC GoldenHorn is an Enterprise Resource Planning ERP system from TAC Turkey. A cross-site scripting vulnerability exists in TAC GoldenHorn versions prior to 4.25.1121.1, which stems from improper input neutralization during web page generation and could lead to cross-site scripting attacks...

EUVD-2025-202050

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in TalentSoft Software UNIS allows Reflected XSS.This issue affects UNIS: before 42957...

EUVD-2025-202152

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in TalentSoft Software e-BAP Automation allows Reflected XSS.This issue affects e-BAP Automation: before 42957...

CVE-2025-64672

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

EUVD-2025-202205

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVE-2025-6923

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 42957...

CVE-2025-63055

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

CVE-2025-63050

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through 19.9.9.7...

CVE-2025-63046

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS.This issue affects ListingPro: from n/a through = 2.9.9...

CVE-2025-63045

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through = 3.7.12...

CVE-2025-63075

The CVE describes a DOM-based XSS in the WordPress Betheme theme, affecting Betheme versions up to 28.1.7. Root cause per the sources is improper neutralization of input during web page generation, enabling DOM-Based XSS without server-side code execution. Affected component: Betheme (WordPress t...

CVE-2025-63045

CVE-2025-63045 describes a DOM-based XSS in the WordPress plugin Master Slider Pro (versions

CVE-2025-63045 WordPress Master Slider Pro plugin <= 3.7.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through = 3.7.12...

CVE-2025-6923 Reflected XSS in Talent Software's UNIS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 42957...