Total: 34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42069 | 1 Oretnom23 | 1 Online Birth Certificate Management System | 2025-05-14 | N/A | 5.4 MEDIUM |
Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. | |||||
CVE-2025-47777 | | | 2025-05-14 | N/A | N/A |
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue. | |||||
CVE-2022-42066 | 1 Projectworlds | 1 Online Examination System | 2025-05-14 | N/A | 6.1 MEDIUM |
Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | |||||
CVE-2024-10151 | 1 Toolstack | 1 Auto Iframe | 2025-05-14 | N/A | N/A |
The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-12585 | 1 Wp-property-hive | 1 Propertyhive | 2025-05-14 | N/A | N/A |
The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-10815 | 1 Reneade | 1 Postlists | 2025-05-14 | N/A | N/A |
The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | |||||
CVE-2024-12096 | 1 Ulfben | 1 Exhibit To Wp Gallery | 2025-05-14 | N/A | N/A |
The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2022-42071 | 1 Oretnom23 | 1 Online Birth Certificate Management System | 2025-05-14 | N/A | 6.1 MEDIUM |
Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. | |||||
CVE-2024-10858 | 1 Automattic | 1 Jetpack | 2025-05-14 | N/A | N/A |
The Jetpack WordPress plugin before 14.1 does not properly check the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com. | |||||
CVE-2024-11644 | 1 Salko | 1 Wp-svg | 2025-05-14 | N/A | N/A |
The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-11921 | 1 Givewp | 1 Givewp | 2025-05-14 | N/A | N/A |
The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-11849 | 1 Podsfoundation | 1 Pods | 2025-05-14 | N/A | N/A |
The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-2865 | 1 Gitlab | 1 Gitlab | 2025-05-14 | N/A | 4.8 MEDIUM |
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | |||||
CVE-2024-12302 | 1 Icegram | 1 Icegram Engage | 2025-05-14 | N/A | N/A |
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-10102 | 1 Robosoft | 1 Robo Gallery | 2025-05-14 | N/A | N/A |
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2025-0794 | 1 Esafenet | 1 Cdg | 2025-05-13 | N/A | 6.1 MEDIUM |
A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-0795 | 1 Esafenet | 1 Cdg | 2025-05-13 | N/A | 6.1 MEDIUM |
A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-9020 | 1 Fernandobriano | 1 List Category Posts | 2025-05-13 | N/A | N/A |
The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-12321 | 1 Codexpert | 1 Wc Affiliate | 2025-05-13 | N/A | N/A |
The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-13052 | 1 Healthygrid | 1 Dental Optimizer Patient Generator App | 2025-05-13 | N/A | N/A |
The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |