Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32586 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce allows Reflected XSS. This issue affects ABA PayWay Payment Gateway for WooCommerce: from n/a through 2.1.3. | |||||
| CVE-2025-32524 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online allows Reflected XSS. This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a through 2.9.1. | |||||
| CVE-2025-32600 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through 4.6.1. | |||||
| CVE-2025-32517 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SCAND MultiMailer allows Reflected XSS. This issue affects MultiMailer: from n/a through 1.0.3. | |||||
| CVE-2025-32537 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Lock Your Updates allows Reflected XSS. This issue affects Lock Your Updates: from n/a through 1.1. | |||||
| CVE-2025-32538 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dev02ali Easy Post Duplicator allows Reflected XSS. This issue affects Easy Post Duplicator: from n/a through 1.0.1. | |||||
| CVE-2025-32525 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in interactivegeomaps Interactive Geo Maps allows Reflected XSS. This issue affects Interactive Geo Maps: from n/a through 1.6.24. | |||||
| CVE-2025-32553 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4. | |||||
| CVE-2025-32536 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Video Player with Playlist allows Reflected XSS. This issue affects HTML5 Video Player with Playlist: from n/a through 2.50. | |||||
| CVE-2025-31379 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here allows Reflected XSS. This issue affects Insert HTML Here: from n/a through 1.0. | |||||
| CVE-2025-32541 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report allows Reflected XSS. This issue affects WooCommerce Sales MIS Report: from n/a through 4.0.3. | |||||
| CVE-2025-31021 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart allows Reflected XSS. This issue affects Mobile Smart: from n/a through v1.3.16. | |||||
| CVE-2025-3434 | 2025-04-11 | N/A | 7.2 HIGH | ||
| The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-31378 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter allows Reflected XSS. This issue affects Oppso Unit Converter: from n/a through 1.1.1. | |||||
| CVE-2025-32632 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Automatic Ban IP allows Reflected XSS. This issue affects Automatic Ban IP: from n/a through 1.0.7. | |||||
| CVE-2025-32599 | 2025-04-11 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler allows Reflected XSS. This issue affects Task Scheduler: from n/a through 1.6.3. | |||||
| CVE-2022-34322 | 1 Sage | 1 Sage Enterprise Intelligence | 2025-04-10 | N/A | 9.0 CRITICAL |
| Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification menu and the Notifications feature. A user can send malicious notifications and execute JavaScript code in the browser of every user who has enabled notifications. This is a stored XSS, and can lead to privilege escalation in the context of the application. (Another issue is present in the Favorites tab. The name of a favorite or a folder of favorites is interpreted as HTML, and can thus embed JavaScript code, which is executed when displayed. This is a self-XSS.) | |||||
| CVE-2022-3922 | 1 Managewp | 1 Broken Link Checker | 2025-04-10 | N/A | 4.8 MEDIUM |
| The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-39514 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-04-10 | N/A | 5.4 MEDIUM |
| Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `graphs.php` displays graph details such as data-source paths, data template information and graph related fields. _CENSUS_ found that an adversary that is able to configure either a data-source template with malicious code appended in the data-source name or a device with a malicious payload injected in the device name, may deploy a stored XSS attack against any user with _General Administration>Graphs_ privileges. A user that possesses the _Template Editor>Data Templates_ permissions can configure the data-source name in _cacti_. Please note that this may be a _low privileged_ user. This configuration occurs through `http://<HOST>/cacti/data_templates.php` by editing an existing or adding a new data template. If a template is linked to a graph then the formatted template name will be rendered in the graph's management page. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device name in _cacti_. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should add manual HTML escaping. | |||||
| CVE-2024-3192 | 1 Mailcleaner | 1 Mailcleaner | 2025-04-10 | N/A | 9.6 CRITICAL |
| A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation as part of Mail Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262308. | |||||