Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54676 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3. | |||||
| CVE-2025-28975 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1. | |||||
| CVE-2025-28999 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7. | |||||
| CVE-2025-49048 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps allows Stored XSS. This issue affects Inspectlet – User Session Recording and Heatmaps: from n/a through 2.0. | |||||
| CVE-2025-54696 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26. | |||||
| CVE-2025-49056 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 ???????? allows Reflected XSS. This issue affects ????????: from n/a through 1.2. | |||||
| CVE-2025-54704 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.2.6. | |||||
| CVE-2025-49433 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink allows DOM-Based XSS. This issue affects Supermalink: from n/a through 1.1. | |||||
| CVE-2025-52788 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionPix: from n/a through 1.8. | |||||
| CVE-2025-47689 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS. This issue affects Video Blogster Lite: from n/a through 1.2. | |||||
| CVE-2025-49065 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter allows Stored XSS. This issue affects Visit Counter: from n/a through 1.0. | |||||
| CVE-2025-49053 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager allows Stored XSS. This issue affects WP Airdrop Manager: from n/a through 1.0.5. | |||||
| CVE-2025-29014 | 2025-08-14 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20. | |||||
| CVE-2024-41753 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-14 | N/A | 6.1 MEDIUM |
| IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-55170 | 1 Wegia | 1 Wegia | 2025-08-14 | N/A | 7.4 HIGH |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the verificacao and redir_config parameter. This issue has been patched in version 3.4.8. | |||||
| CVE-2025-36000 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | N/A | 4.8 MEDIUM |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-30907 | 1 Secupress | 1 Secupress | 2025-08-14 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3. | |||||
| CVE-2023-38007 | 1 Ibm | 1 Cloud Pak System | 2025-08-14 | N/A | 5.4 MEDIUM |
| IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2025-8918 | 1 Portabilis | 1 I-educar | 2025-08-14 | N/A | 4.8 MEDIUM |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2895 | 1 Ibm | 1 Cloud Pak System | 2025-08-14 | N/A | 5.4 MEDIUM |
| IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||