Total
37809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54699 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3. | |||||
| CVE-2025-54684 | 2025-08-14 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact allows Stored XSS. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.7. | |||||
| CVE-2025-54706 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52. | |||||
| CVE-2025-49064 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User Language Switch: from n/a through 1.6.10. | |||||
| CVE-2025-54676 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3. | |||||
| CVE-2025-54696 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26. | |||||
| CVE-2025-49063 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): from n/a through 1.4.6. | |||||
| CVE-2025-54688 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2. | |||||
| CVE-2025-30626 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through 2.1. | |||||
| CVE-2025-31007 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allows Reflected XSS. This issue affects Billplz Addon for Contact Form 7: from n/a through 1.2.0. | |||||
| CVE-2024-41753 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-14 | N/A | 6.1 MEDIUM |
| IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-55170 | 1 Wegia | 1 Wegia | 2025-08-14 | N/A | 6.5 MEDIUM |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the verificacao and redir_config parameter. This issue has been patched in version 3.4.8. | |||||
| CVE-2025-36000 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | N/A | 4.4 MEDIUM |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-30907 | 1 Secupress | 1 Secupress | 2025-08-14 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3. | |||||
| CVE-2023-38007 | 1 Ibm | 1 Cloud Pak System | 2025-08-14 | N/A | 5.4 MEDIUM |
| IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2025-8918 | 1 Portabilis | 1 I-educar | 2025-08-14 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2895 | 1 Ibm | 1 Cloud Pak System | 2025-08-14 | N/A | 5.4 MEDIUM |
| IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2025-50690 | 2025-08-13 | N/A | 6.1 MEDIUM | ||
| A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a specially formed URL with malicious JavaScript code, which is then reflected back and executed in the victim's browser. This flaw allows an attacker to execute arbitrary JavaScript in the context of the victim's session, potentially leading to session hijacking, phishing attacks, data theft, or redirection to malicious sites. The issue is exposed on publicly accessible pages, making it exploitable by an unauthenticated attacker. | |||||
| CVE-2025-51691 | 2025-08-13 | N/A | 6.1 MEDIUM | ||
| Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application does not properly sanitize user-supplied Markdown before rendering it. Successful exploitation could lead to session hijacking, credential theft, or arbitrary client-side code execution in the context of the victim's browser. | |||||
| CVE-2025-3075 | 1 Elementor | 1 Website Builder | 2025-08-13 | N/A | 6.4 MEDIUM |
| The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts sites with 'Element Caching' enabled. | |||||