Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26984 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows Reflected XSS. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8. | ||||
| CVE-2025-26879 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member Pro allows Reflected XSS. This issue affects s2Member Pro: from n/a through 241216. | ||||
| CVE-2025-26994 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite allows Stored XSS. This issue affects Zigaform – Price Calculator & Cost Estimation Form Builder Lite: from n/a through 7.4.2. | ||||
| CVE-2024-54179 | 1 Ibm | 1 Business Automation Workflow | 2025-03-03 | 5.4 Medium |
| IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-26914 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Variable Inspector allows Reflected XSS. This issue affects Variable Inspector: from n/a through 2.6.2. | ||||
| CVE-2025-26989 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Form Builder Lite allows Stored XSS. This issue affects Zigaform – Form Builder Lite: from n/a through 7.4.2. | ||||
| CVE-2025-27279 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flashfader allows Reflected XSS. This issue affects Flashfader: from n/a through 1.1.1. | ||||
| CVE-2025-23904 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Rebrand Fluent Forms allows Reflected XSS. This issue affects Rebrand Fluent Forms: from n/a through 1.0. | ||||
| CVE-2025-23903 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Local Shipping Labels for WooCommerce allows Reflected XSS. This issue affects Local Shipping Labels for WooCommerce: from n/a through 1.0.0. | ||||
| CVE-2025-23883 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Stray Random Quotes allows Reflected XSS. This issue affects Stray Random Quotes: from n/a through 1.9.9. | ||||
| CVE-2025-23881 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound LJ Custom Menu Links allows Reflected XSS. This issue affects LJ Custom Menu Links: from n/a through 2.5. | ||||
| CVE-2025-23879 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PillarDev Easy Automatic Newsletter Lite allows Reflected XSS. This issue affects Easy Automatic Newsletter Lite: from n/a through 3.2.0. | ||||
| CVE-2025-23852 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound First Comment Redirect allows Reflected XSS. This issue affects First Comment Redirect: from n/a through 1.0.3. | ||||
| CVE-2025-23850 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mojo Under Construction allows Reflected XSS. This issue affects Mojo Under Construction: from n/a through 1.1.2. | ||||
| CVE-2025-23829 | 2025-03-03 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Woo Update Variations In Cart allows Stored XSS. This issue affects Woo Update Variations In Cart: from n/a through 0.0.9. | ||||
| CVE-2025-23814 | 2025-03-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CRUDLab Like Box allows Reflected XSS. This issue affects CRUDLab Like Box: from n/a through 2.0.9. | ||||
| CVE-2024-8186 | 1 Gitlab | 1 Gitlab | 2025-03-03 | 5.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations. | ||||
| CVE-2025-1618 | 2025-03-03 | 4.3 Medium | ||
| A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-39649 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-03-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.26. | ||||
| CVE-2024-6346 | 1 Pickplugins | 1 Comboblocks | 2025-03-01 | 6.4 Medium |
| The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||