Total
38285 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0769 | 1 Hiweb | 1 Migration Simple | 2025-06-02 | N/A | 6.1 MEDIUM |
The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | |||||
CVE-2023-0376 | 1 Themeum | 1 Qubely | 2025-06-02 | N/A | 5.4 MEDIUM |
The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-21726 | 1 Joomla | 1 Joomla! | 2025-06-02 | N/A | 6.5 MEDIUM |
Inadequate content filtering leads to XSS vulnerabilities in various components. | |||||
CVE-2024-28070 | 1 Mitel | 1 Micontact Center Business | 2025-06-02 | N/A | 6.8 MEDIUM |
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access. | |||||
CVE-2024-26468 | 1 Jstrieb | 1 Url Pages | 2025-06-02 | N/A | 6.1 MEDIUM |
A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary JavaScript via sending a crafted URL. | |||||
CVE-2024-26467 | 1 Tabatkins | 1 Railroad-diagram Generator | 2025-06-02 | N/A | 6.1 MEDIUM |
A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary JavaScript via sending a crafted URL. | |||||
CVE-2025-1647 | | | 2025-06-01 | N/A | 5.6 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0. | |||||
CVE-2024-22569 | 1 Poscms | 1 Poscms | 2025-05-30 | N/A | 5.4 MEDIUM |
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. | |||||
CVE-2024-6487 | 1 Data443 | 1 Inline Related Posts | 2025-05-30 | N/A | 5.9 MEDIUM |
The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-6021 | 1 Bharatkambariya | 1 Donation Block For Paypal | 2025-05-30 | N/A | 6.8 MEDIUM |
The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability | |||||
CVE-2024-3113 | 1 Devsabbirahmed | 1 Simple Form | 2025-05-30 | N/A | 5.9 MEDIUM |
The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-34000 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 4.3 MEDIUM |
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk. | |||||
CVE-2024-33998 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 5.4 MEDIUM |
Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features. | |||||
CVE-2024-33997 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 6.1 MEDIUM |
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation. | |||||
CVE-2025-0602 | | | 2025-05-30 | N/A | 8.7 HIGH |
A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | |||||
CVE-2025-4988 | | | 2025-05-30 | N/A | 8.7 HIGH |
A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
CVE-2025-5259 | | | 2025-05-30 | N/A | 6.4 MEDIUM |
The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-4992 | | | 2025-05-30 | N/A | 8.7 HIGH |
A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | |||||
CVE-2025-4986 | | | 2025-05-30 | N/A | 8.7 HIGH |
A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | |||||
CVE-2025-4991 | | | 2025-05-30 | N/A | 8.7 HIGH |
A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. |