Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0370 | 1 Wpbean | 1 Wpb Advanced Faq | 2025-02-26 | 5.4 Medium |
| The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-22288 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-02-26 | 6.8 Medium |
| HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | ||||
| CVE-2024-3358 | 2 Janobe, Sourcecodester | 2 Aplaya Beach Resort Online Reservation System, Aplaya Beach Resort Online Reservation System | 2025-02-26 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument to leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259462 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-3414 | 1 Nelzkie15 | 1 Human Resource Information System | 2025-02-26 | 3.5 Low |
| A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. The manipulation of the argument corporate_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259583. | ||||
| CVE-2025-27320 | 2025-02-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pankaj Mondal Profile Widget Ninja allows DOM-Based XSS. This issue affects Profile Widget Ninja: from n/a through 4.3. | ||||
| CVE-2024-3244 | 1 Wpdeveloper | 1 Embedpress | 2025-02-26 | 6.4 Medium |
| The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2325 | 1 Ylefebvre | 1 Link Library | 2025-02-26 | 6.1 Medium |
| The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-1458 | 1 Livemeshelementor | 1 Addons For Elementor | 2025-02-26 | 6.4 Medium |
| The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-45004 | 1 Getgophish | 1 Gophish | 2025-02-26 | 6.1 Medium |
| Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page. | ||||
| CVE-2020-19947 | 1 Markdown Edit Project | 1 Markdown Edit | 2025-02-26 | 9.6 Critical |
| Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage. | ||||
| CVE-2023-1481 | 1 Monitoring Of Students Cyber Accounts System Project | 1 Monitoring Of Students Cyber Accounts System | 2025-02-26 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The manipulation of the argument id with the input "><script>alert(111)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223364. | ||||
| CVE-2023-1154 | 1 Pacsrapor | 1 Pacsrapor | 2025-02-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS.This issue affects Pacsrapor: before 1.22. | ||||
| CVE-2023-26951 | 1 Onekeyadmin | 1 Onekeyadmin | 2025-02-26 | 5.4 Medium |
| onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module. | ||||
| CVE-2024-46226 | 2025-02-26 | 4.8 Medium | ||
| A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket. | ||||
| CVE-2023-27131 | 1 Typecho | 1 Typecho | 2025-02-26 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter. | ||||
| CVE-2023-27054 | 1 Mirotalk | 1 Mirotalk P2p | 2025-02-26 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module. | ||||
| CVE-2020-24857 | 1 Inex | 1 Ixp Manager | 2025-02-26 | 6.1 Medium |
| Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows attackers to excute arbitrary code via the looking glass component. | ||||
| CVE-2024-13803 | 2025-02-26 | 6.4 Medium | ||
| The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-22261 | 2025-02-26 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite WP FullCalendar wp-fullcalendar allows Stored XSS.This issue affects WP FullCalendar: from n/a through 1.5. | ||||
| CVE-2024-13678 | 2025-02-26 | 6.1 Medium | ||
| The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||