Total
37836 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54006 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.1. | |||||
| CVE-2025-31427 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Business Theme allows Reflected XSS. This issue affects Invico - WordPress Consulting Business Theme: from n/a through 1.9. | |||||
| CVE-2025-52779 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0. | |||||
| CVE-2025-47554 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Reflected XSS. This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through 11.6. | |||||
| CVE-2025-54051 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LightBox Block allows Stored XSS. This issue affects LightBox Block: from n/a through 1.1.30. | |||||
| CVE-2025-52787 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EZiHosting Tennis Court Bookings allows Reflected XSS. This issue affects Tennis Court Bookings: from n/a through 1.2.7. | |||||
| CVE-2025-52786 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kingdom Creation Media Folder allows Reflected XSS. This issue affects Media Folder: from n/a through 1.0.0. | |||||
| CVE-2025-54016 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Gilman Videopack allows DOM-Based XSS. This issue affects Videopack: from n/a through 4.10.3. | |||||
| CVE-2025-40724 | 2025-07-16 | N/A | N/A | ||
| Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Script. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the u_medicine_name parameter in /edit_medicine.php. This vulnerability can be exploited to steal sensitive user data such as session cookies or to perform actions on behalf of the user. | |||||
| CVE-2025-53989 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Stored XSS. This issue affects JetBlocks For Elementor: from n/a through 1.3.19. | |||||
| CVE-2025-6747 | 2025-07-16 | N/A | 6.4 MEDIUM | ||
| The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusion_map' shortcode in all versions up to, and including, 3.12.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-48295 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows Stored XSS. This issue affects Easy Elementor Addons: from n/a through 2.2.5. | |||||
| CVE-2025-54023 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows DOM-Based XSS. This issue affects WP Delicious: from n/a through 1.8.4. | |||||
| CVE-2025-53984 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows Stored XSS. This issue affects JetTabs: from n/a through 2.2.9. | |||||
| CVE-2025-47652 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.13.4. | |||||
| CVE-2024-27780 | 1 Fortinet | 1 Fortisiem | 2025-07-16 | N/A | 2.2 LOW |
| Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests. | |||||
| CVE-2025-7601 | 1 Phpgurukul | 1 Online Library Management System | 2025-07-16 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in PHPGurukul Online Library Management System 3.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/student-history.php. The manipulation of the argument stdid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1392 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-07-16 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2017-18524 | 1 Antoineh | 1 Football Pool | 2025-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues. | |||||
| CVE-2024-11685 | 1 Iseard | 1 Kudos Donations | 2025-07-16 | N/A | 6.1 MEDIUM |
| The `Kudos Donations – Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link. | |||||