Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49493 | 1 Dedecms | 1 Dedecms | 2025-05-28 | N/A | 6.1 MEDIUM |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | |||||
| CVE-2022-41224 | 1 Jenkins | 1 Jenkins | 2025-05-28 | N/A | 5.4 MEDIUM |
| Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | |||||
| CVE-2022-41225 | 1 Jenkins | 1 Anchore Container Image Scanner | 2025-05-28 | N/A | 5.4 MEDIUM |
| Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. | |||||
| CVE-2025-3513 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | N/A | N/A |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-3514 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | N/A | N/A |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-12679 | 1 Prisna | 1 Google Website Translator | 2025-05-28 | N/A | N/A |
| The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-12680 | 1 Prisna | 1 Google Website Translator | 2025-05-28 | N/A | N/A |
| The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13486 | 1 Icegram | 1 Icegram Engage | 2025-05-28 | N/A | N/A |
| The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13482 | 1 Icegram | 1 Icegram Engage | 2025-05-28 | N/A | N/A |
| The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-8703 | 1 Urbanbase | 1 Z-downloads | 2025-05-28 | N/A | N/A |
| The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs. | |||||
| CVE-2025-0687 | 1 Mynamedia | 1 Spiritual Gifts Survey \(and Optional S.h.a.p.e Survey\) | 2025-05-28 | N/A | N/A |
| The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | |||||
| CVE-2025-0688 | 1 Mynamedia | 1 Spiritual Gifts Survey \(and Optional S.h.a.p.e Survey\) | 2025-05-28 | N/A | N/A |
| The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | |||||
| CVE-2025-4745 | 1 Fabian | 1 Employee Record System | 2025-05-28 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3996 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-28 | N/A | 4.8 MEDIUM |
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-41239 | 1 Jenkins | 1 Dotci | 2025-05-28 | N/A | 5.4 MEDIUM |
| Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-41229 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-05-28 | N/A | 5.4 MEDIUM |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-41240 | 1 Jenkins | 1 Walti | 2025-05-28 | N/A | 5.4 MEDIUM |
| Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti. | |||||
| CVE-2025-40651 | 2025-05-28 | N/A | N/A | ||
| Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the keyword parameter in /index.php?a=search. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | |||||
| CVE-2019-11843 | 1 Automattic | 1 Mailpoet | 2025-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS). | |||||
| CVE-2025-4744 | 1 Fabian | 1 Employee Record System | 2025-05-28 | N/A | 4.6 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Affected by this issue is some unknown functionality of the file dashboard\edit_employee.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||