Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37502 | 1 Automad | 1 Automad | 2025-03-26 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. | ||||
| CVE-2021-37378 | 1 Teradke | 4 Cube, Cube Firmware, Cube Pro and 1 more | 2025-03-26 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | ||||
| CVE-2021-37373 | 1 Teradek | 2 Slice, Slice Firmware | 2025-03-26 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | ||||
| CVE-2025-2573 | 2025-03-26 | 6.4 Medium | ||
| The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2022-47983 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-26 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. | ||||
| CVE-2025-2165 | 2025-03-26 | 6.1 Medium | ||
| The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-1490 | 2025-03-26 | 6.1 Medium | ||
| The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘setstatus’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-1784 | 2025-03-26 | 6.4 Medium | ||
| The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-1437 | 2025-03-26 | 6.4 Medium | ||
| The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-2623 | 1 Westboy | 1 Cicadascms | 2025-03-26 | 3.5 Low |
| A vulnerability was found in westboy CicadasCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/cms/content/save. The manipulation of the argument title/content/laiyuan leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1802 | 1 Hasthemes | 1 Ht Mega | 2025-03-26 | 6.4 Medium |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', and 'stt_button_text' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.3. | ||||
| CVE-2025-27609 | 2025-03-26 | N/A | ||
| Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows to embed arbitrary Javascript into it and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings. Any modern browser with a working CORS implementation also sufficiently guards against the vulnerability. | ||||
| CVE-2025-26537 | 2025-03-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound GDPR Tools allows Stored XSS. This issue affects GDPR Tools: from n/a through 1.0.2. | ||||
| CVE-2025-26541 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce allows Reflected XSS. This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through 1.7.6. | ||||
| CVE-2021-36712 | 1 Yzmcms | 1 Yzmcms | 2025-03-26 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. | ||||
| CVE-2021-36545 | 1 Tpcms Project | 1 Tpcms | 2025-03-26 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. | ||||
| CVE-2021-36538 | 1 Gurock | 1 Testrail | 2025-03-26 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. | ||||
| CVE-2025-27267 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes allows Reflected XSS. This issue affects Random Quotes: from n/a through 1.3. | ||||
| CVE-2025-28858 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Maps allows Reflected XSS. This issue affects Arrow Maps: from n/a through 1.0.9. | ||||
| CVE-2025-28865 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lionelroux WP Colorful Tag Cloud allows Reflected XSS. This issue affects WP Colorful Tag Cloud: from n/a through 2.0.1. | ||||