Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30818 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge allows DOM-Based XSS. This issue affects jAlbum Bridge: from n/a through 2.0.17. | |||||
| CVE-2025-30763 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer EO4WP allows Stored XSS. This issue affects EO4WP: from n/a through 1.0.8.4. | |||||
| CVE-2025-30898 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahdi Yousefi [MahdiY] ?????? ??? ? ??? ??????? (??? ?????? ? ??????? ??? ??????) allows Stored XSS. This issue affects ?????? ??? ? ??? ??????? (??? ?????? ? ??????? ??? ??????): from n/a through 4.2.3. | |||||
| CVE-2025-30770 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable allows DOM-Based XSS. This issue affects Charitable: from n/a through 1.8.4.7. | |||||
| CVE-2025-30836 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint allows Stored XSS. This issue affects LatePoint: from n/a through 5.1.6. | |||||
| CVE-2025-30779 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Doneren met Mollie allows Stored XSS. This issue affects Doneren met Mollie: from n/a through 2.10.7. | |||||
| CVE-2025-30850 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sfaerber Dr. Flex allows Stored XSS. This issue affects Dr. Flex: from n/a through 2.0.0. | |||||
| CVE-2025-30899 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3. | |||||
| CVE-2025-30832 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post allows DOM-Based XSS. This issue affects Themify Event Post: from n/a through 1.3.2. | |||||
| CVE-2025-30800 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atawai Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.10. | |||||
| CVE-2025-30766 | 2025-03-27 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor allows DOM-Based XSS. This issue affects Happy Addons for Elementor: from n/a through 3.16.2. | |||||
| CVE-2025-2481 | 2025-03-27 | N/A | 6.1 MEDIUM | ||
| The MediaView plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id' parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-13739 | 1 Tribulant | 1 Newsletters | 2025-03-27 | N/A | 6.1 MEDIUM |
| The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link. | |||||
| CVE-2023-23022 | 1 Oretnom23 | 1 Employees Payroll Management System | 2025-03-26 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php. | |||||
| CVE-2024-39242 | 1 Skycaiji | 1 Skycaiji | 2025-03-26 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). | |||||
| CVE-2024-45625 | 1 Incsub | 1 Forminator | 2025-03-26 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator. | |||||
| CVE-2022-48085 | 1 Softr | 1 Softr | 2025-03-26 | N/A | 5.4 MEDIUM |
| Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter. | |||||
| CVE-2021-37518 | 1 Vimium Project | 1 Vimium | 2025-03-26 | N/A | 6.1 MEDIUM |
| Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature. | |||||
| CVE-2023-24197 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | N/A | 6.1 MEDIUM |
| Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | |||||
| CVE-2021-37502 | 1 Automad | 1 Automad | 2025-03-26 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. | |||||