About “Cross-site Scripting (XSS)”

A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47660 CVEs for this tag (all time). In the last 365 days, 7590 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk items first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

2025-04-17
High

CVE-2025-32625

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Mobile Pages mobile-pages allows Reflected XSS. This issue affects Mobile Pages: from…

High

CVE-2025-32622

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTP-less OTP-less one tap Sign in otpless allows Reflected XSS. This issue affects OTP-less one ta…

High

CVE-2025-32615

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clinked Clinked Client Portal clinked-client-portal allows Reflected XSS. This issue affects Clink…

High

CVE-2025-32613

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager debug-log-manager allows Stored XSS. This issue affects Debug Log Manager:…

High

CVE-2025-32611

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in We Are De WooCommerce TBC Credit Card Payment Gateway (Free) woo-tbc-payment-gateway allows Refle…

High

CVE-2025-32609

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Picture-Planet GmbH Verowa Connect verowa-connect allows Reflected XSS. This issue affects Verowa…

High

CVE-2025-32608

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Movylo Movylo Marketing Automation movylo-widget allows Reflected XSS. This issue affects Movylo M…

High

CVE-2025-32606

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium listings-for-buildium allows Stored XSS. This issue affects Listings for Buildium: from n/a through <= 0.1.5.

High

CVE-2025-32605

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on all…

High

CVE-2025-32604

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Aslani AWSA Shipping awsa-shipping allows Reflected XSS. This issue affects AWSA Shipping:…

High

CVE-2025-32602

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS wooms allows Reflected XSS. This issue affects WooMS: from n/a through <= 9.12.

High

CVE-2025-32592

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Stored XSS. This issue affects TableOn: from n/a…

High

CVE-2025-32590

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tzin111 Web2application web2application allows Reflected XSS. This issue affects Web2application:…

High

CVE-2025-32588

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Credova Financial Credova_Financial credova-financial allows Reflected XSS. This issue affects Cre…

High

CVE-2025-32582

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Stored XSS. This issue affects WP Auto…

High

CVE-2025-32578

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapro Collins Coming Soon Countdown coming-soon-countdown allows Reflected XSS. This issue affects…

High

CVE-2025-32566

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashraful Sarkar Naiem License For Envato license-envato allows Reflected XSS. This issue affects L…

High

CVE-2025-32564

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tomroyal Stop Registration Spam allows Reflected XSS. This issue affects Stop Registration Spam:…

High

CVE-2025-32562

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Easy Poll wp-easy-poll-afo allows Reflected XSS. This issue affects WP Easy Poll…

High

CVE-2025-32561

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plugins.club WP_DEBUG Toggle enable-wp-debug-toggle allows Reflected XSS. This issue affects WP_DE…

High

CVE-2025-32560

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohammad I. Okfie WP-Hijri wp-hijri allows Reflected XSS. This issue affects WP-Hijri: from n/a th…

High

CVE-2025-32557

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rico Macchi WP Featured Screenshot wp-featured-screenshot allows Reflected XSS. This issue affects…

High

CVE-2025-32554

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS. This issue affects Raptive Ads: from n/a th…

High

CVE-2025-32552

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory MSRP (RRP) Pricing for WooCommerce msrp-for-woocommerce allows Reflected XSS. This issue…

High

CVE-2025-32548

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in borisolhor Hamburger Icon Menu Lite allows Reflected XSS. This issue affects Hamburger Icon Menu…

High

CVE-2025-32546

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS. This issue affects All push notification for WP: from n/a through <…

High

CVE-2025-32545

Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images woocommerce-products-without-featured-images allows Reflected XSS. This issue affects WooCommer…

High

CVE-2025-32540

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications push-notification-by-feedify allows Reflected XSS. This i…

High

CVE-2025-32535

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Shipping by Weight for WooCommerce dn-shipping-by-weight allows Reflected XSS. This…

High

CVE-2025-32533

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Reflected XSS. Thi…

High

CVE-2025-32532

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pei Yong Goh UXsniff ux-sniff allows Reflected XSS. This issue affects UXsniff: from n/a through <…

High

CVE-2025-32531

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Reflected XSS. This issue affects Arconix FAQ: from…

High

CVE-2025-32530

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Reflected XSS. This i…

High

CVE-2025-32529

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iONE360 iONE360 configurator ione360-configurator allows Reflected XSS. This issue affects iONE360…

High

CVE-2025-32528

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maximevalette iCal Feeds ical-feeds allows Reflected XSS. This issue affects iCal Feeds: from n/a…

High

CVE-2025-32527

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pey22 T&P Gallery Slider tp-gallery-slider allows Stored XSS. This issue affects T&P Gallery Slide…

High

CVE-2025-32526

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Reflected XSS. This issue affects…

High

CVE-2025-32522

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Reflected XSS. T…

High

CVE-2025-32521

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolHappy Cool Flipbox – Shortcode & Gutenberg Block flip-boxes allows Reflected XSS. This issue a…

High

CVE-2025-32520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition – Integrated with Google Page Speed wp-condit…

High

CVE-2025-32516

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilGhera Related Videos for JW Player related-videos-for-jw-player allows Reflected XSS. This issue…

High

CVE-2025-32515

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in terminalafrica Terminal Africa terminal-africa allows Reflected XSS. This issue affects Terminal A…

High

CVE-2025-32514

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cscode WooCommerce Estimate and Quote wc-estimate-and-quote allows Reflected XSS. This issue affec…

High

CVE-2025-32513

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Reflected…

High

CVE-2025-32512

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revampcrm Revamp CRM for WooCommerce revampcrm-woocommerce allows Reflected XSS. This issue affect…

High

CVE-2025-32511

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Excellent Dynamics Make Email Customizer for WooCommerce make-email-customizer-for-woocommerce al…

High

CVE-2025-32508

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ComMotion Course Booking System course-booking-system allows Reflected XSS. This issue affects Cou…

High

CVE-2025-32507

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aakif Kadiwala Event Espresso – Custom Email Template Shortcode email-shortcode allows Reflected…

High

CVE-2025-32506

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BenDlz AT Internet SmartTag at-internet allows Reflected XSS. This issue affects AT Internet Smart…

High

CVE-2025-32504

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden silvasoft-boekhouden allows Reflected XSS. This issue affects Silva…

High

CVE-2025-32490

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebsiteDefender wp secure wp-secure-by-sitesecuritymonitorcom allows Stored XSS. This issue affect…

High

CVE-2025-31018

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FireDrum FireDrum Email Marketing firedrum-email-marketing allows Reflected XSS. This issue affect…

High

CVE-2025-31006

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arete-it Activity Reactions For Buddypress activity-reactions-for-buddypress allows Reflected XSS…

High

CVE-2025-27354

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phil88530 Simple Email Subscriber simple-email-subscriber allows Reflected XSS. This issue affects…

High

CVE-2025-27346

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gerrygooner Rebuild Permalinks rebuild-permalinks allows Reflected XSS. This issue affects Rebuild…

High

CVE-2025-27345

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Reflected XSS. This issue affects Booking Ult…

High

CVE-2025-27343

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop WooCommerce HTML5 Video woocommerce-html5-video allows Reflected XSS. This issue affects W…

High

CVE-2025-27338

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphems List Urls list-urls allows Reflected XSS. This issue affects List Urls: from n/a through…

High

CVE-2025-27337

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kontur Fontsampler fontsampler allows Reflected XSS. This issue affects Fontsampler: from n/a thro…

High

CVE-2025-27333

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alvego Protected wp-login protected-wp-login allows Reflected XSS. This issue affects Protected wp…

High

CVE-2025-27324

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 17track 17TRACK for WooCommerce 17track allows Reflected XSS. This issue affects 17TRACK for WooCo…

High

CVE-2025-27322

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bappa Mal QR Code for WooCommerce wc-qr-codes allows Reflected XSS. This issue affects QR Code for…

High

CVE-2025-27319

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivan82 User List user-list allows Reflected XSS. This issue affects User List: from n/a through <=…

High

CVE-2025-27314

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kush Sharma Kush Micro News kush-micro-news allows Stored XSS. This issue affects Kush Micro News:…

High

CVE-2025-27313

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bernd Altmeier Google Maps GPX Viewer google-maps-gpx-viewer allows Reflected XSS. This issue affe…

High

CVE-2025-27309

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeannot Muller flickr-slideshow-wrapper flickr-slideshow-wrapper allows Stored XSS. This issue aff…

High

CVE-2025-27308

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmstactics WP Video Posts wp-video-posts allows Reflected XSS. This issue affects WP Video Posts:…

High

CVE-2025-27295

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpion Live css css-live allows Stored XSS. This issue affects Live css: from n/a through <= 1.3.

High

CVE-2025-27293

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webparexapp Shipmozo Courier Tracking webparex allows Reflected XSS. This issue affects Shipmozo C…

High

CVE-2025-27292

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PoppinsDigital.com WPYog Documents wpyog-documents allows Reflected XSS. This issue affects WPYog…

High

CVE-2025-27291

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxgallery WordPress Photo Gallery – Image Gallery photo-image-gallery allows Reflected XSS. This i…

High

CVE-2025-27289

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Guillien Restrict Taxonomies restrict-taxonomies allows Reflected XSS. This issue affects…

High

CVE-2025-27288

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BjornW File Icons file-icons allows Reflected XSS. This issue affects File Icons: from n/a through…

High

CVE-2025-27285

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS. This issue affects Easy Form: from n/a through <…

High

CVE-2025-27284

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in divspark Flagged Content flagged-content allows Reflected XSS. This issue affects Flagged Content:…

High

CVE-2025-24752

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected X…

High

CVE-2025-24745

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Classified Listing classified-listing allows Reflected XSS. This issue affects Classif…

High

CVE-2025-24670

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dhanendran Rajagopal Term Taxonomy Converter term-taxonomy-converter allows Reflected XSS. This is…

High

CVE-2025-24655

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through…

High

CVE-2025-24645

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob Scott Eazy Under Construction eazy-under-construction allows Reflected XSS. This issue affects…

High

CVE-2025-24640

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS. This issue affects…

High

CVE-2025-24637

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture beacon-by allows Reflected XSS. This issue affect…

High

CVE-2025-24624

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems HT Event ht-event allows Reflected XSS. This issue affects HT Event: from n/a through <=…

High

CVE-2025-24621

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS. This issue affects Arco…

High

CVE-2025-24619

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WP Log Action wp-log-action allows Reflected XSS. This issue affects WP Log Action: f…

High

CVE-2025-24586

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitsstech Shipment Tracker for Woocommerce shipment-tracker-for-woocommerce allows Reflected XSS.…

High

CVE-2025-24553

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akadrama Shipping with Venipak for WooCommerce wc-venipak-shipping allows Reflected XSS. This issu…

Medium

CVE-2025-24550

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JobScore Job Manager job-manager-by-jobscore allows Stored XSS. This issue affects Job Manager: fr…

High

CVE-2025-24548

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Autoglot Autoglot – Automatic WordPress Translation autoglot allows Reflected XSS. This issue affe…

High

CVE-2025-24539

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Reflected XSS. This issue aff…

High

CVE-2025-23858

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS. This issue affects Custom…

High

CVE-2025-23855

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyljp SpiderDisplay spiderdisplay allows Reflected XSS. This issue affects SpiderDisplay: from n/a…

High

CVE-2025-23782

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Reflected XSS. This issue affects TotalConte…

High

CVE-2025-23448

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dastan800 visualslider Sldier visual-slider allows Reflected XSS. This issue affects visualslider…

High

CVE-2025-23443

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Claire Ryan Author Showcase author-showcase allows Reflected XSS. This issue affects Author Showca…

High

CVE-2025-22796

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in platcom WP-Asambleas wp-asambleas allows Reflected XSS. This issue affects WP-Asambleas: from n/a…

High

CVE-2025-22774

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Scroll to Top crudlab-scroll-to-top allows Reflected XSS. This issue affects CRUDL…

Medium

CVE-2025-22771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China sensitive-chinese-words-scanner allows Stored XSS. Th…

High

CVE-2025-22692

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rachanaS Sponsered Link sponsered-link allows Reflected XSS. This issue affects Sponsered Link: fr…

High

CVE-2025-22651

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader stylish-google-sheet-reader allows Reflected XSS. This…

High

CVE-2025-22636

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz Gálvez VR-Frases vr-frases allows Reflected XSS. This issue affects VR-Frases: from n…

High

CVE-2025-22565

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bill Zimmerman vooPlayer v4 vooplayer allows Reflected XSS. This issue affects vooPlayer v4: from…

Medium

CVE-2025-22340

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash data-dash allows Stored XSS. This issue affects Data Dash: from n/a through <=…

Medium

CVE-2025-29015

Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.

Medium

CVE-2025-3760

A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through…

Medium

CVE-2025-3487

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and includin…

Medium

CVE-2025-3615

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization…

Low

CVE-2025-1525

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at…

Low

CVE-2025-1524

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at…

Low

CVE-2025-1523

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at…

Low

CVE-2024-11924

The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf…

Medium

CVE-2025-43717

In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading…

2025-04-16
Medium

CVE-2025-29710

SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services.

Medium

CVE-2025-26153

A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, repl…

Medium

CVE-2025-3733

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS). This issue affects baguetteBox.Js: from 0…

Medium

CVE-2024-40074

Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability…

Medium

CVE-2024-40069

Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST para…

Low

CVE-2025-3692

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.p…

Medium

CVE-2025-39590

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.…

Medium

CVE-2025-39585

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Stored XSS. This issue affects Travelfic Toolk…