Total
38257 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31021 | 2025-04-11 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart allows Reflected XSS. This issue affects Mobile Smart: from n/a through v1.3.16. | |||||
| CVE-2025-32114 | 2025-04-11 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist 5sterrenspecialist allows Reflected XSS. This issue affects 5sterrenspecialist: from n/a through 1.3. | |||||
| CVE-2025-32524 | 2025-04-11 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online allows Reflected XSS. This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a through 2.9.1. | |||||
| CVE-2025-31028 | 2025-04-11 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Hide Categories allows Reflected XSS. This issue affects WP Hide Categories: from n/a through 1.0. | |||||
| CVE-2023-38506 | 1 Joplin Project | 1 Joplin | 2025-04-11 | N/A | 8.2 HIGH |
| Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized (or not sanitized properly). As such, the `onload` attribute of pasted images can execute arbitrary code. Because the TinyMCE editor frame does not use the `sandbox` attribute, such scripts can access NodeJS's `require` through the `top` variable. From this, an attacker can run arbitrary commands. This issue has been addressed in version 2.12.10 and users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-35352 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | N/A | 6.1 MEDIUM |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the parameter middlename results in cross-site scripting. | |||||
| CVE-2024-31586 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-11 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. | |||||
| CVE-2021-41823 | 1 Kemptechnologies | 1 Web Application Firewall | 2025-04-11 | N/A | 6.1 MEDIUM |
| The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism. | |||||
| CVE-2024-34452 | 1 Cmsimple-xh | 1 Cmsimple Xh | 2025-04-11 | N/A | 6.1 MEDIUM |
| CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document. | |||||
| CVE-2024-5595 | 1 Wpdeveloper | 1 Essential Blocks | 2025-04-11 | N/A | 5.4 MEDIUM |
| The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-6651 | 1 Iptanus | 1 Wordpress File Upload | 2025-04-11 | N/A | 6.1 MEDIUM |
| The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-6494 | 1 Iptanus | 1 Wordpress File Upload | 2025-04-11 | N/A | 6.1 MEDIUM |
| The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks. | |||||
| CVE-2024-6792 | 1 Technowich | 1 Wp Ulike | 2025-04-11 | N/A | 3.5 LOW |
| The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page. | |||||
| CVE-2024-47385 | 1 Wpdeveloper | 1 Essential Blocks | 2025-04-11 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.4. | |||||
| CVE-2024-7879 | 1 Technowich | 1 Wp Ulike | 2025-04-11 | N/A | 4.8 MEDIUM |
| The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2024-10104 | 1 Blueglass | 1 Jobs For Wordpress | 2025-04-11 | N/A | 5.9 MEDIUM |
| The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-11052 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-11 | N/A | 7.2 HIGH |
| The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-10583 | 1 Code-atlantic | 1 Popup Maker | 2025-04-11 | N/A | 5.4 MEDIUM |
| The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-54314 | 1 Nicheaddons | 1 Primary Addon For Elementor | 2025-04-11 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.6.0. | |||||
| CVE-2024-54315 | 1 Nicheaddons | 1 Events Addon For Elementor | 2025-04-11 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.2. | |||||