Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24230 | 1 Formwork Project | 1 Formwork | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. | ||||
| CVE-2022-45285 | 1 Vsourz | 1 Advanced Cf7 Db | 2025-03-24 | 6.1 Medium |
| Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-44261 | 1 Averydennison | 2 Monarch Printer M9855, Monarch Printer M9855 Firmware | 2025-03-24 | 6.1 Medium |
| Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2025-1324 | 1 Plechevandrey | 1 Wp-recall | 2025-03-24 | 6.4 Medium |
| The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including, 16.26.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-1783 | 1 Tiptoppress | 1 Gallery Styles | 2025-03-24 | 6.4 Medium |
| The Gallery Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery Block in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-34451 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-24 | 4.8 Medium |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. | ||||
| CVE-2025-1526 | 1 Detheme | 1 Dethemekit For Elementor | 2025-03-24 | 6.4 Medium |
| The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-1517 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-03-24 | 6.4 Medium |
| The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-0776 | 1 Baicells | 8 Neutrino 430, Neutrino 430 Firmware, Nova430e and 5 more | 2025-03-24 | 8.1 High |
| Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce. | ||||
| CVE-2025-1527 | 1 Hasthemes | 1 Shoplentor | 2025-03-24 | 6.4 Medium |
| The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-0786 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-24 | 8.4 High |
| Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2023-0787 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-24 | 8.1 High |
| Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2024-55009 | 1 Datax | 1 Autobib | 2025-03-24 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a victim's browser via injecting a crafted payload into the WCE=topFrame&WCU= parameter. | ||||
| CVE-2025-2699 | 1 Getcontenttools | 1 Contenttools | 2025-03-24 | 3.5 Low |
| A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1589 | 1 Pressified | 1 Sendpress | 2025-03-24 | 6.1 Medium |
| The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-43113 | 1 Mozilla | 1 Firefox | 2025-03-24 | 6.1 Medium |
| The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. | ||||
| CVE-2023-23286 | 1 Farsight | 1 Provide Server | 2025-03-24 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. | ||||
| CVE-2024-4270 | 1 Andibauer | 1 Svgmagic | 2025-03-24 | 5.4 Medium |
| The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. | ||||
| CVE-2024-29644 | 2025-03-24 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. | ||||
| CVE-2025-30606 | 2025-03-24 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Logan Carlile Easy Page Transition allows Stored XSS. This issue affects Easy Page Transition: from n/a through 1.0.1. | ||||