Total
36741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3385 | 1 Pb-cms Project | 1 Pb-cms | 2025-04-29 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3692 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-29 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-43143 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2025-04-29 | N/A | 9.6 CRITICAL |
| A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. | |||||
| CVE-2022-43117 | 1 Password Storage Application Project | 1 Password Storage Application | 2025-04-29 | N/A | 5.4 MEDIUM |
| Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. | |||||
| CVE-2022-42096 | 1 Backdropcms | 1 Backdrop Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. | |||||
| CVE-2022-40470 | 1 Phpgurukul | 1 Blood Donor Management System | 2025-04-29 | N/A | 4.8 MEDIUM |
| Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. | |||||
| CVE-2022-3561 | 1 Librenms | 1 Librenms | 2025-04-29 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2021-31739 | 1 Seppmail | 1 Seppmail | 2025-04-29 | N/A | 6.1 MEDIUM |
| The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address. | |||||
| CVE-2024-13207 | 1 Patelmilap | 1 Widget For Social Page Feeds | 2025-04-29 | N/A | 4.8 MEDIUM |
| The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13610 | 1 Wpbrigade | 1 Simple Social Buttons | 2025-04-29 | N/A | 4.8 MEDIUM |
| The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-3081 | 1 Easycorp | 1 Easyadmin | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. The attack can be launched remotely. Upgrading to version 4.8.10 is able to address this issue. The identifier of the patch is 127436e4c3f56276d548070f99e61b7234200a11. It is recommended to upgrade the affected component. The identifier VDB-258613 was assigned to this vulnerability. | |||||
| CVE-2025-2279 | 1 Robosoft | 1 Maps | 2025-04-29 | N/A | 5.9 MEDIUM |
| The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-11924 | 1 Icegram | 1 Icegram Express | 2025-04-29 | N/A | 3.5 LOW |
| The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-1523 | 1 Davidvongries | 1 Ultimate Dashboard | 2025-04-29 | N/A | 3.5 LOW |
| The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-46239 | 1 Plugin-planet | 1 Theme Switcha | 2025-04-29 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4. | |||||
| CVE-2025-46240 | 1 Plugin-planet | 1 Simple Download Counter | 2025-04-29 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2. | |||||
| CVE-2024-55279 | 1 Uguu | 1 Uguu | 2025-04-29 | N/A | 6.0 MEDIUM |
| Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files. | |||||
| CVE-2024-11503 | 1 Shapedplugin | 1 Wp Tabs | 2025-04-29 | N/A | 6.1 MEDIUM |
| The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-12769 | 1 Simple Banner Project | 1 Simple Banner | 2025-04-29 | N/A | 3.5 LOW |
| The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13863 | 1 Wppluginbox | 1 Stylish Google Sheet Reader | 2025-04-29 | N/A | 7.1 HIGH |
| The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||