Total: 34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-1749 | 1 Opencart | 1 Opencart | 2025-05-07 | N/A | 4.7 MEDIUM |
HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/voucher. | |||||
CVE-2025-1748 | 1 Opencart | 1 Opencart | 2025-05-07 | N/A | 4.7 MEDIUM |
HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register. | |||||
CVE-2025-1747 | 1 Opencart | 1 Opencart | 2025-05-07 | N/A | 4.7 MEDIUM |
HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/login. | |||||
CVE-2025-1746 | 1 Opencart | 1 Opencart | 2025-05-07 | N/A | 6.1 MEDIUM |
Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | |||||
CVE-2024-13569 | 1 Etoilewebdesign | 1 Front End Users | 2025-05-07 | N/A | N/A |
The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2025-46225 | 1 Migaweb | 1 Post In Page For Elementor | 2025-05-07 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor allows DOM-Based XSS. This issue affects Post in page for Elementor: from n/a through 1.0.1. | |||||
CVE-2025-46226 | 1 Mpl-publisher | 1 Mpl-publisher | 2025-05-07 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0. | |||||
CVE-2025-46227 | 1 Brechtvds | 1 Custom Related Posts | 2025-05-07 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4. | |||||
CVE-2025-45751 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-05-07 | N/A | 6.1 MEDIUM |
SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field. | |||||
CVE-2022-32407 | 1 Softr | 1 Softr | 2025-05-07 | N/A | 6.1 MEDIUM |
Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-13326 | 1 Ibuildapp | 1 Ibuildapp | 2025-05-07 | N/A | N/A |
The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-13094 | 1 Wptriggers | 1 Wp Triggers Lite | 2025-05-07 | N/A | N/A |
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-13098 | 1 Megamindstechnologies | 1 Wordpress Email Newsletter | 2025-05-07 | N/A | N/A |
The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2025-1453 | 1 Zephyrwest | 1 Category Posts Widget | 2025-05-07 | N/A | N/A |
The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-13056 | 1 Phycticio | 1 Dyn Business Panel | 2025-05-07 | N/A | N/A |
The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-13055 | 1 Phycticio | 1 Dyn Business Panel | 2025-05-07 | N/A | N/A |
The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-13114 | 1 Phptechie | 1 Wp Projects Portfolio With Client Testimonials | 2025-05-07 | N/A | N/A |
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-13099 | 1 Apidaze | 1 Widget4call | 2025-05-07 | N/A | N/A |
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2025-0368 | 1 Karacsi Maci | 1 Banner Garden | 2025-05-07 | N/A | N/A |
The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users. | |||||
CVE-2025-46824 | | | 2025-05-07 | N/A | N/A |
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin. | |||||