Medium
CVE-2025-54862
Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
Read moreTag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 1/8 • 871 CVEs.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-08-18
Medium
CVE-2025-54759
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
Read more
Low
CVE-2025-9119
A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSI…
Read more
Medium
CVE-2025-43731
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3…
Read more
Medium
CVE-2025-55296
librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This all…
Read more
High
CVE-2025-55291
Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the </title> tag to be prematurely cl…
Read more
Medium
CVE-2025-55288
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could…
Read more
High
CVE-2025-55287
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could ru…
Read more
High
CVE-2025-54421
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to injec…
Read more
Critical
CVE-2025-54117
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to injec…
Read more
Low
CVE-2025-43733
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via…
Read more
Medium
CVE-2025-57703
DIAEnergie - Reflected Cross-site Scripting
Read more
Medium
CVE-2025-57702
DIAEnergie - Reflected Cross-site Scripting
Read more
Medium
CVE-2025-57701
DIAEnergie - Reflected Cross-site Scripting
Read more
High
CVE-2025-57700
DIAEnergie - Stored Cross-site Scripting
Read more
Medium
CVE-2025-9107
A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross…
Read more
Low
CVE-2025-9106
A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing m…
Read more
Low
CVE-2025-9105
A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Ad…
Read more
Low
CVE-2025-9104
A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This m…
Read more
Low
CVE-2025-9103
A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be…
Read more
Low
CVE-2025-9101
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross…
Read more
Low
CVE-2025-9096
A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation…
Read more2025-08-17
Low
CVE-2025-9095
A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulat…
Read more2025-08-16
Medium
CVE-2025-8143
The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization…
Read more
Medium
CVE-2025-8719
The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘base_lang’ parameter in all versions up to, and including, 1.0 due to insufficient i…
Read more
Medium
CVE-2025-8896
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_communication_preference…
Read more
Medium
CVE-2025-8089
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization a…
Read more
Medium
CVE-2025-8113
The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in o…
Read more
Medium
CVE-2025-8293
The Intl DateTime Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘date’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitizatio…
Read more
Medium
CVE-2025-7651
The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.73 due to insufficient input s…
Read more
Medium
CVE-2025-7649
The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to…
Read more
Medium
CVE-2025-7440
The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button_link']['url'] parameter in all versions up to, and including, 1.0.1 to insufficient i…
Read more
Medium
CVE-2025-7439
Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anber_item['button_link']['url']’ parameter in all versions up to, and including, 1.0.1 to insufficien…
Read more
Medium
CVE-2025-6221
The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and outpu…
Read more2025-08-15
Medium
CVE-2025-52620
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.
Read more
Medium
CVE-2025-36088
IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code…
Read more
Medium
CVE-2025-8362
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects GoogleTag Manager:…
Read more
High
CVE-2025-8092
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Co…
Read more
Medium
CVE-2025-49898
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a through 4.0.14.
Read more
Medium
CVE-2025-55203
Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacke…
Read more
Medium
CVE-2025-8720
The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitizati…
Read more
Medium
CVE-2025-8080
The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and o…
Read more
Medium
CVE-2025-5844
The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitiz…
Read more
Medium
CVE-2025-8604
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to ins…
Read more
Medium
CVE-2025-9017
A vulnerability has been found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of the argument visitorna…
Read more
Medium
CVE-2025-8451
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all ve…
Read more
Low
CVE-2025-9003
A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argum…
Read more
Medium
CVE-2025-8867
The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This is due to insufficie…
Read more2025-08-14
Medium
CVE-2025-51965
OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering thr…
Read more
Low
CVE-2025-8976
A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manip…
Read more
Low
CVE-2025-8975
A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripti…
Read more
Medium
CVE-2025-55714
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elemen…
Read more
Medium
CVE-2025-55713
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.1.6.
Read more
Medium
CVE-2025-55711
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Stored XSS. This issue affects WP Table Builder: from n/…
Read more
Medium
CVE-2025-55709
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Comp…
Read more
Medium
CVE-2025-54749
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery allows Stored XSS. This issue affects JetProductGallery: from n/a th…
Read more
Medium
CVE-2025-54747
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera allows DOM-Based XSS. This issue affects Templatera: from n/a through 2.3.0.
Read more
Medium
CVE-2025-54746
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a th…
Read more
Medium
CVE-2025-54740
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a throug…
Read more
Medium
CVE-2025-54729
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking allows Stored XSS. This issue affects Webba Booking: from…
Read more
Medium
CVE-2025-54727
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Stored XSS. This issue affects CM O…
Read more
Medium
CVE-2025-54708
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a through 2.0.5.
Read more
Medium
CVE-2025-54054
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS. This issue affects 12 Step Meeting List: f…
Read more
Medium
CVE-2025-53582
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS. This issue affects WordLift: from n/a through 3.54.5.
Read more
Medium
CVE-2025-53581
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through 1.1…
Read more
High
CVE-2025-53575
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyDa…
Read more
Medium
CVE-2025-53342
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize allows Stored XSS. This issue affects Modernize: from n/a through 3.4.0.
Read more
Medium
CVE-2025-53330
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals allows Stored XSS. This issue affects WP Rentals: from n/a through 3.13.1.
Read more
Medium
CVE-2025-52771
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bcupham Video Expander allows Stored XSS. This issue affects Video Expander: from n/a through 1.0.
Read more
High
CVE-2025-52765
Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a throu…
Read more
Medium
CVE-2025-52335
EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.
Read more
Medium
CVE-2024-37945
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addon…
Read more
Medium
CVE-2025-20235
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)…
Read more
Medium
CVE-2025-53631
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS)…
Read more
Medium
CVE-2025-55672
A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's…
Read more
Medium
CVE-2025-54706
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: f…
Read more
Medium
CVE-2025-54704
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons:…
Read more
Medium
CVE-2025-54699
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through…
Read more
Medium
CVE-2025-54698
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a th…
Read more
Medium
CVE-2025-54696
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26.
Read more
Medium
CVE-2025-54688
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2.
Read more
Medium
CVE-2025-54687
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through 2.2.9.1.
Read more
Medium
CVE-2025-54684
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact allows Stored XSS. This issue affec…
Read more
Medium
CVE-2025-54683
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Reflected XSS. This issue affects WP Mod…
Read more
Medium
CVE-2025-54680
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Blogger Buzz allows Stored XSS. This issue affects Blogger Buzz: from n/a through…
Read more
Medium
CVE-2025-54676
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue a…
Read more
Medium
CVE-2025-54668
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred allows Stored XSS. This issue affects myCred: from n/a through 2.9.4.3.
Read more
High
CVE-2025-52788
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionPix: from n/a through…
Read more
Medium
CVE-2025-52730
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Stored XSS. This…
Read more
Medium
CVE-2025-50040
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets allows Stored XSS. This issue affects CF7 Spreadsheets: from n/a throu…
Read more
Medium
CVE-2025-49437
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation allows Stored XSS. This issue affects WP LOL Rotation: from n/a through…
Read more
Medium
CVE-2025-49433
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink allows DOM-Based XSS. This issue affects Supermalink: from n/a through 1.1.
Read more
High
CVE-2025-49065
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter allows Stored XSS. This issue affects Visit Counter: from n/a throu…
Read more
High
CVE-2025-49064
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User Language Switch: from…
Read more
High
CVE-2025-49063
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): fr…
Read more
High
CVE-2025-49062
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS. This issue affects WP-jScrollPane: from n/a through…
Read more
Medium
CVE-2025-49061
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed allows Stored XSS. This issue affects Porn Videos Embed: from n/a throu…
Read more
High
CVE-2025-49058
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search allows Reflected XSS. This issue affects SoundSt SEO Search:…
Read more
High
CVE-2025-49057
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting allows Reflected XSS. This issue affects WP Voting: from n/a through 1.8.
Read more
High
CVE-2025-49056
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 allows Reflected XSS. This issue affects 多说社会化评论框: from n/a through 1.2.
Read more
High
CVE-2025-49054
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS. This issue affects Time Sheets: from n/a through 2.1.3.
Read more
Medium
CVE-2025-49053
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager allows Stored XSS. This issue affects WP Airdrop Manager: from n/a…
Read more
Medium
CVE-2025-49051
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode allows Stored XSS. This issue affects Hide Text Shortcode: from n/a t…
Read more
Medium
CVE-2025-49048
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps allows Stored XSS. This issue a…
Read more
Medium
CVE-2025-49047
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeross DigitalOcean Spaces Sync allows Stored XSS. This issue affects DigitalOcean Spaces Sync:…
Read more
High
CVE-2025-49044
Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS. This issue affects Simple Poll: from n/a through 1.1.1.
Read more
High
CVE-2025-49038
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links allows Reflected XSS. This issue affects WP Dynamic Links: from n/a throu…
Read more
High
CVE-2025-49037
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer allows Reflected XSS. This issue affects Authe…
Read more
High
CVE-2025-47689
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS. This issue affects Video Blogster Lite: from n/…
Read more
Medium
CVE-2025-47610
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects WooCommerce Fortnox…
Read more
High
CVE-2025-31007
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allows Reflected XSS. This issue affects Billplz Addon fo…
Read more
High
CVE-2025-30626
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. Thi…
Read more
High
CVE-2025-29014
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20.
Read more
High
CVE-2025-28999
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Pa…
Read more
High
CVE-2025-28975
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike…
Read more
Medium
CVE-2025-7761
Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser w…
Read more
Medium
CVE-2025-8046
The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting i…
Read more
Medium
CVE-2025-7808
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hi…
Read more
Medium
CVE-2025-3414
The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which…
Read more
Medium
CVE-2025-8934
A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site sc…
Read more