Total: 35923 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41376 | 1 Metroui | 1 Metro Ui | 2025-05-20 | N/A | 6.1 MEDIUM |
Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. | |||||
CVE-2022-42235 | 1 Student Clearance System Project | 1 Student Clearance System | 2025-05-19 | N/A | 5.4 MEDIUM |
A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. | |||||
CVE-2024-4757 | 1 Wp-master | 1 Logo Manager For Enamad | 2025-05-19 | N/A | 8.1 HIGH |
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
CVE-2024-4899 | 1 Seopress | 1 Seopress | 2025-05-19 | N/A | 5.0 MEDIUM |
The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2024-5573 | 1 Magazine3 | 1 Easy Table Of Contents | 2025-05-19 | N/A | 5.9 MEDIUM |
The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2024-5473 | 1 Zitscher | 1 Simple Photoswipe | 2025-05-19 | N/A | 4.0 MEDIUM |
The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-3633 | 1 Rezakhan995 | 1 Webp & Svg Support | 2025-05-19 | N/A | 5.4 MEDIUM |
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |||||
CVE-2024-4759 | 1 Staude | 1 Mime Types Extended | 2025-05-19 | N/A | 5.5 MEDIUM |
The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |||||
CVE-2024-5730 | 1 Mahype | 1 Pagerank Tools | 2025-05-19 | N/A | 6.1 MEDIUM |
The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2024-5729 | 1 Alexdtn | 1 Simple Al Slider | 2025-05-19 | N/A | 6.1 MEDIUM |
The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2024-5728 | 1 Alexdtn | 1 Animated Al List | 2025-05-19 | N/A | 5.4 MEDIUM |
The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2024-5727 | 1 Apidaze | 1 Widget4call | 2025-05-19 | N/A | 4.7 MEDIUM |
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2025-30316 | 1 Adobe | 1 Connect | 2025-05-19 | N/A | 5.4 MEDIUM |
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-30315 | 1 Adobe | 1 Connect | 2025-05-19 | N/A | 6.1 MEDIUM |
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-30314 | 1 Adobe | 1 Connect | 2025-05-19 | N/A | 6.1 MEDIUM |
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-43567 | 1 Adobe | 1 Connect | 2025-05-19 | N/A | 9.3 CRITICAL |
Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
CVE-2025-24676 | | | 2025-05-19 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in umangmetatagg Custom WP Store Locator allows Reflected XSS. This issue affects Custom WP Store Locator: from n/a through 1.4.7. | |||||
CVE-2024-6533 | 1 Monospace | 1 Directus | 2025-05-19 | N/A | 5.4 MEDIUM |
Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover. | |||||
CVE-2024-2692 | 1 B3log | 1 Siyuan | 2025-05-19 | N/A | 9.0 CRITICAL |
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS. | |||||
CVE-2024-57273 | | | 2025-05-19 | N/A | 5.4 MEDIUM |
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized "reason" field and a derivable device key generated from the public SSH key. |