Total
38250 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6697 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6698 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5035 | 1 Firelightwp | 1 Firelight Lightbox | 2025-07-01 | N/A | 5.4 MEDIUM |
| The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks. | |||||
| CVE-2025-5093 | 1 Dfactory | 1 Responsive Lightbox | 2025-07-01 | N/A | 5.4 MEDIUM |
| The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2025-3745 | 1 Syedbalkhi | 1 Wp Lightbox 2 | 2025-07-01 | N/A | 6.3 MEDIUM |
| The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks. | |||||
| CVE-2025-5730 | 1 Ghozylab | 1 Contact Form | 2025-07-01 | N/A | 4.3 MEDIUM |
| The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2025-44141 | 1 Backdropcms | 1 Backdrop | 2025-07-01 | N/A | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30. | |||||
| CVE-2025-6699 | 1 Wegia | 1 Wegia | 2025-07-01 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro de Funcionário. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2025-23030. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-54959 | 1 Nagios | 1 Nagios Xi | 2025-07-01 | N/A | 6.1 MEDIUM |
| Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS). | |||||
| CVE-2024-54958 | 1 Nagios | 1 Nagios Xi | 2025-07-01 | N/A | 6.1 MEDIUM |
| Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page. | |||||
| CVE-2024-30192 | 1 Gsplugins | 1 Gs Pinterest Portfolio | 2025-07-01 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2. | |||||
| CVE-2025-22624 | 2025-07-01 | N/A | N/A | ||
| FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php. | |||||
| CVE-2022-36350 | 1 Pukiwiki | 1 Pukiwiki | 2025-06-30 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2025-53121 | 2025-06-30 | N/A | N/A | ||
| Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon 33.1.6, 33.1.7 or Meridian 2024.2.6, 2024.2.7 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Fábio Tomé for reporting this issue. | |||||
| CVE-2025-53206 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder allows Stored XSS. This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through 1.0.8. | |||||
| CVE-2025-6488 | 2025-06-30 | N/A | 6.4 MEDIUM | ||
| The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-31067 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4. | |||||
| CVE-2025-53290 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MS WP Visual Sitemap allows Stored XSS. This issue affects WP Visual Sitemap: from n/a through 1.0.2. | |||||
| CVE-2025-49290 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Reflected XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.4. | |||||
| CVE-2025-53278 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.6.0. | |||||