Total: 34649 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-31605 | | | 2025-04-01 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WeblineIndia Welcome Popup allows Stored XSS. This issue affects Welcome Popup: from n/a through 1.0.10. | |||||
CVE-2025-31744 | | | 2025-04-01 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed allows Stored XSS. This issue affects Lightweight and Responsive Youtube Embed: from n/a through 1.0.0. | |||||
CVE-2025-31615 | | | 2025-04-01 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in owenr88 Simple Contact Forms allows Stored XSS. This issue affects Simple Contact Forms: from n/a through 1.6.4. | |||||
CVE-2025-30614 | | | 2025-04-01 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haozhe Xie Google Font Fix allows Reflected XSS. This issue affects Google Font Fix: from n/a through 2.3.1. | |||||
CVE-2025-31562 | | | 2025-04-01 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows DOM-Based XSS. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3. | |||||
CVE-2025-2597 | 1 Itechno | 2 Itium 6050, Itium 6050 Firmware | 2025-04-01 | N/A | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. This vulnerability could allow an attacker to execute malicious JavaScript code via GET and POST requests to the ‘/index.php’ endpoint and injecting code into the ‘id_session. | |||||
CVE-2025-2590 | 1 Code-projects | 1 Human Resource Management | 2025-04-01 | N/A | 5.4 MEDIUM |
A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file \handler\recruitment.go. The manipulation of the argument c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-0672 | 1 Popozure | 1 Pz-linkcard | 2025-04-01 | N/A | N/A |
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin. | |||||
CVE-2024-0673 | 1 Popozure | 1 Pz-linkcard | 2025-04-01 | N/A | N/A |
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-4092 | 1 Gitlab | 1 Gitlab | 2025-04-01 | N/A | 8.0 HIGH |
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input. | |||||
CVE-2024-2170 | 1 Vektor-inc | 1 Vk All In One Expansion Unit | 2025-04-01 | N/A | 5.4 MEDIUM |
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className.' This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-29473 | 1 Zhyd | 1 Oneblog | 2025-04-01 | N/A | 6.1 MEDIUM |
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. | |||||
CVE-2024-10566 | 1 10web | 1 Slider | 2025-04-01 | N/A | N/A |
The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-13122 | 1 Advancedformintegration | 1 Advanced Form Integration | 2025-04-01 | N/A | N/A |
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-13123 | 1 Advancedformintegration | 1 Advanced Form Integration | 2025-04-01 | N/A | N/A |
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-46624 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2025-04-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Online Graduate Tracer System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
CVE-2022-46957 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2025-04-01 | N/A | 6.1 MEDIUM |
Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-47073 | 1 Small Crm Project | 1 Small Crm | 2025-04-01 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. | |||||
CVE-2022-45730 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-04-01 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. | |||||
CVE-2024-1487 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-01 | N/A | 5.4 MEDIUM |
The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. |