Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42704 | 1 Servicenow | 1 Servicenow | 2025-04-09 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget. | |||||
| CVE-2024-13877 | 1 Sjehutch | 1 Passbeemedia Web Push Notification | 2025-04-09 | N/A | N/A |
| The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13876 | 1 Tiefpunkt | 1 Meintopf | 2025-04-09 | N/A | N/A |
| The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2025-28875 | 1 Shanebp | 1 Bp Email Assign Templates | 2025-04-09 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates allows Stored XSS. This issue affects BP Email Assign Templates: from n/a through 1.6. | |||||
| CVE-2025-28878 | 1 Willbrubaker | 1 Awesome Surveys | 2025-04-09 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys allows Stored XSS. This issue affects Awesome Surveys: from n/a through 2.0.10. | |||||
| CVE-2025-1486 | 1 Andreafarracani | 1 Wowpth | 2025-04-09 | N/A | N/A |
| The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2025-1487 | 1 Andreafarracani | 1 Wowpth | 2025-04-09 | N/A | N/A |
| The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-13602 | 1 Ays-pro | 1 Poll Maker | 2025-04-09 | N/A | N/A |
| The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13878 | 1 Jakehelbig | 1 Spotbot | 2025-04-08 | N/A | N/A |
| The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13880 | 1 Dropstr | 1 My Quota | 2025-04-08 | N/A | N/A |
| The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13881 | 1 Gunnettmd | 1 Linkmyposts | 2025-04-08 | N/A | N/A |
| The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2022-3904 | 1 Monsterinsights | 1 Monsterinsights | 2025-04-08 | N/A | 6.1 MEDIUM |
| The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. | |||||
| CVE-2024-1905 | 1 Rednao | 1 Smart Forms | 2025-04-08 | N/A | N/A |
| The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2025-3327 | 1 Iteaj | 1 Iboot | 2025-04-08 | N/A | 6.1 MEDIUM |
| A vulnerability was found in iteaj iboot ????? 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-30166 | 2025-04-08 | N/A | N/A | ||
| Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6. | |||||
| CVE-2025-32211 | 2025-04-08 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.2. | |||||
| CVE-2025-32117 | 2025-04-08 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through 3.0. | |||||
| CVE-2025-32369 | 1 Kentico | 1 Xperience | 2025-04-08 | N/A | 5.4 MEDIUM |
| Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature. | |||||
| CVE-2022-45728 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-04-08 | N/A | 6.1 MEDIUM |
| Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-3573 | 2 Abb, Gitlab | 2 Drive Composer, Gitlab | 2025-04-08 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. | |||||