Total
37078 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-1401 | 1 S-a | 1 Wp Click Info | 2025-04-29 | N/A | 7.1 HIGH |
The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2022-45225 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-29 | N/A | 6.1 MEDIUM |
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. | |||||
CVE-2022-45017 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. | |||||
CVE-2022-45016 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. | |||||
CVE-2022-43709 | 1 Mybb | 1 Mybb | 2025-04-29 | N/A | 4.9 MEDIUM |
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. | |||||
CVE-2025-2543 | 2025-04-29 | N/A | 6.4 MEDIUM | ||
The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
CVE-2025-2579 | 2025-04-29 | N/A | 6.4 MEDIUM | ||
The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file. | |||||
CVE-2025-2767 | 2025-04-29 | N/A | 8.8 HIGH | ||
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407. | |||||
CVE-2025-3832 | 2025-04-29 | N/A | 6.4 MEDIUM | ||
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-3435 | 2025-04-29 | N/A | 4.4 MEDIUM | ||
The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the board_header and board_footer parameters in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
CVE-2025-29526 | 2025-04-29 | N/A | 6.1 MEDIUM | ||
A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload into the SearchTerm parameter. | |||||
CVE-2025-46534 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DanielRiera Image Style Hover allows DOM-Based XSS. This issue affects Image Style Hover: from n/a through 1.0.6. | |||||
CVE-2025-46261 | 2025-04-29 | N/A | 5.9 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0. | |||||
CVE-2025-46545 | 2025-04-29 | N/A | 4.4 MEDIUM | ||
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires. | |||||
CVE-2025-46459 | 2025-04-29 | N/A | 5.9 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ralf Hortt Confirm User Registration allows Stored XSS. This issue affects Confirm User Registration: from n/a through 2.1.5. | |||||
CVE-2025-46449 | 2025-04-29 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips allows Stored XSS. This issue affects WoWHead Tooltips: from n/a through 2.0.1. | |||||
CVE-2025-46542 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab allows Stored XSS. This issue affects Xpert Tab: from n/a through 1.3. | |||||
CVE-2025-46491 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List allows Stored XSS. This issue affects Multi-Column Taxonomy List: from n/a through 1.5. | |||||
CVE-2025-46499 | 2025-04-29 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout allows Stored XSS. This issue affects PayPal Express Checkout: from n/a through 2.1.2. | |||||
CVE-2025-46234 | 2025-04-29 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Razib Control Listings allows Reflected XSS. This issue affects Control Listings: from n/a through 1.0.4.1. |