Total: 34410 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-2685 | | | 2025-03-27 | 6.4 Medium |
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-31165 | | | 2025-03-27 | N/A |
Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature. | ||||
CVE-2025-2481 | | | 2025-03-27 | 6.1 Medium |
The MediaView plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
CVE-2024-13739 | 1 Tribulant | 1 Newsletters | 2025-03-27 | 6.1 Medium |
The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link. | ||||
CVE-2024-0902 | | | 2025-03-26 | 4.3 Medium |
The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
CVE-2023-44852 | | | 2025-03-26 | 8.2 High |
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file. | ||||
CVE-2023-23022 | 1 Oretnom23 | 1 Employees Payroll Management System | 2025-03-26 | 6.1 Medium |
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php. | ||||
CVE-2023-0608 | 1 Microweber | 1 Microweber | 2025-03-26 | 5.4 Medium |
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. | ||||
CVE-2024-45625 | 1 Incsub | 1 Forminator | 2025-03-26 | 6.1 Medium |
Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator. | ||||
CVE-2024-39242 | 1 Skycaiji | 1 Skycaiji | 2025-03-26 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). | ||||
CVE-2022-48085 | 1 Softr | 1 Softr | 2025-03-26 | 5.4 Medium |
Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter. | ||||
CVE-2023-24197 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | ||||
CVE-2023-24195 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | ||||
CVE-2023-24194 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. | ||||
CVE-2023-24192 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. | ||||
CVE-2023-24191 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. | ||||
CVE-2023-23636 | 1 Jellyfin | 1 Jellyfin | 2025-03-26 | 5.4 Medium |
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | ||||
CVE-2023-23635 | 1 Jellyfin | 1 Jellyfin | 2025-03-26 | 5.4 Medium |
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | ||||
CVE-2022-48140 | 1 Dedecms | 1 Dedecms | 2025-03-26 | 5.4 Medium |
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | ||||
CVE-2021-37518 | 1 Vimium Project | 1 Vimium | 2025-03-26 | 6.1 Medium |
Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature. |