CVE-2025-22636

HIGH Year: 2025
CVSS v3 Score
8.2
High
Weakness Type
CWE-79
View all →

Vulnerability Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz Gálvez VR-Frases allows Reflected XSS. This issue affects VR-Frases: from n/a through 3.0.1.

Related Vulnerabilities

CVE-2016-8356

HIGH
CVSS:8.2(High)

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabiliti...

CWE-792016

CVE-2017-2683

HIGH
CVSS:8.2(High)

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining...

CWE-792017

CVE-2018-20850

HIGH
CVSS:8.2(High)

Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.

CWE-792018

CVE-2019-18426

HIGH
CVSS:8.2(High)

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnera...

CWE-792019

CVE-2020-14582

HIGH
CVSS:8.2(High)

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulne...

CWE-792020

CVE-2020-14584

HIGH
CVSS:8.2(High)

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable ...

CWE-792020