Medium
CVE-2025-4670
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up…
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 65/398 • 47655 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47655 CVEs for this tag (all time). In the last 365 days, 7590 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-05-29
Medium
CVE-2025-4583
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including,…
2025-05-28
Low
CVE-2025-27706
CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with…
High
CVE-2025-31501
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
High
CVE-2025-31500
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
High
CVE-2025-30087
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
Medium
CVE-2025-1461
Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scrip…
Medium
CVE-2025-40651
Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL u…
Medium
CVE-2025-4963
The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output e…
Medium
CVE-2025-5082
The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input saniti…
2025-05-27
Medium
CVE-2024-45094
IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thu…
Medium
CVE-2025-5198
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script i…
Medium
CVE-2025-46173
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form.
Medium
CVE-2025-3704
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets pta-volunteer-sign-up-sheets allows Stored XSS.This iss…
Medium
CVE-2025-23393
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Con…
Medium
CVE-2024-47090
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS
Medium
CVE-2025-4682
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in…
Medium
CVE-2025-4783
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.…
2025-05-26
Medium
CVE-2025-23392
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Cont…
Medium
CVE-2025-40663
Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /Cro…
Medium
CVE-2025-40652
Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the application, which are permanently stored on the ser…
Low
CVE-2025-5181
A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. This affects an unknown part of the file /spgpm/updateListing. T…
Low
CVE-2025-5179
A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected by this vulnerability is an unknown functionality of the file /adm/index.php of th…
Medium
CVE-2025-5177
A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been rated as problematic. This issue affects some unknown processing of the file /adm/index.php of the compon…
Medium
CVE-2025-1985
Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device.
2025-05-25
Low
CVE-2025-5153
A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of…
Low
CVE-2025-5138
A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulatio…
2025-05-24
Low
CVE-2025-5135
A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Prod…
Low
CVE-2025-5134
A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the ar…
Medium
CVE-2025-5133
A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It…
Low
CVE-2025-5127
A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site…
Medium
CVE-2025-4223
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to, and including, 2.…
Medium
CVE-2025-5055
The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to…
Medium
CVE-2024-13427
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.…
2025-05-23
Medium
CVE-2025-44998
A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payl…
Medium
CVE-2025-48378
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline…
Medium
CVE-2025-48377
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an X…
High
CVE-2025-43860
OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any auth…
High
CVE-2025-32794
OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any auth…
Medium
CVE-2024-51099
A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute…
Medium
CVE-2024-51108
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to ex…
Medium
CVE-2024-51107
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute…
High
CVE-2025-48286
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation redi-restaurant-reservation allows Reflected XSS.This issue af…
High
CVE-2025-48245
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Reflected XSS.This issue affects Quick Co…
High
CVE-2025-48241
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through <…
High
CVE-2025-47680
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags xili-tidy-tags allows Reflected XSS.This issue affects xili…
High
CVE-2025-47678
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit funnelcockpit allows Reflected XSS.This issue affects FunnelCockpit:…
High
CVE-2025-47673
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arco…
High
CVE-2025-47618
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator bmi-adultkid-calculator allows Reflected XSS.This…
High
CVE-2025-47613
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a t…
High
CVE-2025-47611
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta user-meta allows Reflected XSS.This issue affects User Meta: from n/a through <=…
High
CVE-2025-47458
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools b2i-investor-tools allows Reflected XSS.This issue affects B2i Investo…
High
CVE-2025-46537
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ctltwp Section Widget section-widget allows Reflected XSS.This issue affects Section Widget: from…
High
CVE-2025-46526
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janekniefeldt My Custom Widgets mycustomwidget allows Reflected XSS.This issue affects My Custom…
Medium
CVE-2025-46518
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts igit-related-posts-with-thumb-images-…
High
CVE-2025-46515
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Category Widget category-widget allows Reflected XSS.This issue affects Category…
Medium
CVE-2025-46493
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordwebsoftware Crossword Compiler Puzzles crossword-compiler-puzzles allows Stored XSS.This issu…
High
CVE-2025-46488
Missing Authorization vulnerability in dastan800 Visual Builder visual-builder allows Reflected XSS.This issue affects Visual Builder: from n/a through <= 1.2.2.
High
CVE-2025-46487
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sftranna EC Authorize.net ec-authorizenet allows Reflected XSS.This issue affects EC Authorize.ne…
High
CVE-2025-46456
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders theme-blvd-sliders allows Reflected XSS.This issue affects Theme Blvd Sl…
High
CVE-2025-46448
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System dms allows Reflected XSS.This issue affects Document Manag…
High
CVE-2025-46446
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones libro-de-reclamaciones allows Stored XSS.This issue affects Libr…
High
CVE-2025-46440
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark kStats Reloaded kstats-reloaded allows Reflected XSS.This issue affects kStats Reloaded: fro…
High
CVE-2025-46437
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tayoricom Tayori Form tayori allows Reflected XSS.This issue affects Tayori Form: from n/a throug…
High
CVE-2025-39505
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hotel gdlr-hotel allows Reflected XSS.This issue affects Goodlayers Hotel:…
High
CVE-2025-39502
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hostel gdlr-hostel allows Reflected XSS.This issue affects Goodlayers Hoste…
High
CVE-2025-32285
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Butcher butcher allows Reflected XSS.This issue affects Butcher: from n/a through < 2.5…
High
CVE-2025-31636
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaurabhSharma WP Post Modules for Elementor wp-post-modules-el allows Reflected XSS.This issue af…
High
CVE-2025-1123
The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5…
Medium
CVE-2025-3894
Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBI…
Medium
CVE-2025-4379
DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser…
Medium
CVE-2025-5096
The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all v…
Medium
CVE-2025-4594
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insuff…
2025-05-22
Medium
CVE-2024-5962
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can explo…
Medium
CVE-2024-7103
A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulne…
Medium
CVE-2024-13958
Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series…
Medium
CVE-2025-48369
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's…
Medium
CVE-2025-48368
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffic…
Medium
CVE-2025-48366
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the…
Medium
CVE-2025-4405
The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and…
Medium
CVE-2024-9544
The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escapin…
High
CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend…
Medium
CVE-2025-4133
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor…
Medium
CVE-2025-5062
The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanit…
2025-05-21
Low
CVE-2025-48070
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email.…
Medium
CVE-2025-45755
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing a…
High
CVE-2025-2261
Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.
Medium
CVE-2024-57529
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
Medium
CVE-2025-4415
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 befor…
Medium
CVE-2025-45754
A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as…
Medium
CVE-2025-20267
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a use…
Medium
CVE-2025-20250
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input.…
Medium
CVE-2025-20247
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input.…
Medium
CVE-2025-20246
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input.…
Medium
CVE-2025-48206
The ns_backup extension through 13.0.0 for TYPO3 allows XSS.
Medium
CVE-2025-48203
The cs_seo extension through 9.2.0 for TYPO3 allows XSS.
Low
CVE-2025-1420
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue ha…
Low
CVE-2025-1419
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5…
Medium
CVE-2025-4611
The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and inclu…
Medium
CVE-2025-4221
The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and including, 1.0.0 due to insufficient inp…
Medium
CVE-2025-4219
The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and ou…
Medium
CVE-2025-4217
The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_youtube' shortcode in all versions up to, and including, 1.2 due to insufficient…
Medium
CVE-2025-3781
The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raisely_donation_form shortcode in all versions up to, and including, 1.1 due to insuffici…
Medium
CVE-2025-3750
The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_height’ parameter in all versions up to, and including, 7.7.1 due to insufficient input sani…
Medium
CVE-2025-5013
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipul…
Low
CVE-2025-5011
A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The m…
Low
CVE-2025-5010
A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation…
2025-05-20
Low
CVE-2025-5007
A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubm…
Low
CVE-2025-4996
A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the arg…
Medium
CVE-2025-47853
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
Medium
CVE-2025-47852
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
Medium
CVE-2025-47851
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
Medium
CVE-2025-41228
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or…
Medium
CVE-2025-40633
A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious…
Medium
CVE-2025-4951
Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of speci…
Medium
CVE-2024-5878
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input s…
High
CVE-2025-2929
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used…
2025-05-19
Medium
CVE-2025-47946
Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering `{{ attributes }}` or using any method that returns a `ComponentAt…
High
CVE-2025-39393
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla Hospital Management System hospital-management allows Reflected XSS.This issue affects H…
High
CVE-2025-39392
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPAMS apartment-management allows Reflected XSS.This issue affects WPAMS: from n/a throu…