Total: 34649 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-13866 | | | 2025-03-05 | N/A | 6.4 MEDIUM |
The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
CVE-2025-1008 | | | 2025-03-05 | N/A | 6.4 MEDIUM |
The Recently Purchased Products For Woo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘view’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-13827 | | | 2025-03-05 | N/A | 6.1 MEDIUM |
The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() and remove_query_arg() functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2021-46875 | 1 Ibexa | 1 Ez Platform Kernel | 2025-03-04 | N/A | 6.1 MEDIUM |
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file. | |||||
CVE-2023-50309 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-04 | N/A | 5.4 MEDIUM |
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2023-32340 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-04 | N/A | 5.4 MEDIUM |
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2024-9618 | 1 Master-addons | 1 Master Addons | 2025-03-04 | N/A | 5.4 MEDIUM |
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-0433 | 1 Master-addons | 1 Master Addons | 2025-03-04 | N/A | 5.4 MEDIUM |
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-26953 | 1 Onekeyadmin | 1 Onekeyadmin | 2025-03-04 | N/A | 4.8 MEDIUM |
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module. | |||||
CVE-2024-56285 | 1 Wpbits | 1 Wpbits Addons For Elementor Page Builder | 2025-03-04 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS. This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. | |||||
CVE-2025-22316 | 1 Wpbits | 1 Wpbits Addons For Elementor Page Builder | 2025-03-04 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS. This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. | |||||
CVE-2025-27156 | | | 2025-03-04 | N/A | N/A |
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients' mail clients. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11. | |||||
CVE-2025-27155 | | | 2025-03-04 | N/A | N/A |
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconesim. | |||||
CVE-2024-11132 | 1 Imithemes | 1 Eventer | 2025-03-04 | N/A | 0.0 NONE |
The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-21627 | 1 Glpi-project | 1 Glpi | 2025-03-04 | N/A | 6.1 MEDIUM |
GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue. | |||||
CVE-2024-57026 | 1 Tawk | 1 Tawk.to | 2025-03-03 | N/A | 6.1 MEDIUM |
TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) due to processing user input in a way that allows JavaScript execution. | |||||
CVE-2023-27130 | 1 Typecho | 1 Typecho | 2025-03-03 | N/A | 4.8 MEDIUM |
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. | |||||
CVE-2025-0342 | 1 Campcodes | 1 Computer Laboratory Management System | 2025-03-03 | N/A | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
CVE-2024-13153 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-03-03 | N/A | 5.4 MEDIUM |
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code, to apply the patch, the affected widgets: Image Tooltip, Notification, Simple Popup, Video Play Button, and Card Carousel, must be deleted and reinstalled manually. | |||||
CVE-2025-22738 | 1 Wpulike | 1 Wp Ulike | 2025-03-03 | N/A | 4.8 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechnoWich WP ULike allows Stored XSS. This issue affects WP ULike: from n/a through 4.7.6. |