High
CVE-2025-32551
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Reflecte…
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 74/398 • 47660 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47660 CVEs for this tag (all time). In the last 365 days, 7590 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-04-11
High
CVE-2025-32541
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report woocommerce-mis-report allows Reflected XSS.This issu…
High
CVE-2025-32539
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows Reflected XSS.This issue affects Store E…
High
CVE-2025-32538
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows Reflected XSS.This issue affects Easy P…
High
CVE-2025-32537
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Lock Your Updates lock-your-updates allows Reflected XSS.This issue affects Lock Yo…
High
CVE-2025-32536
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Video Player with Playlist html5-video-player-with-playlist allows Reflected…
High
CVE-2025-32534
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Workbox Workbox Video from Vimeo & Youtube workbox-video-from-vimeo-youtube-plugin allows Reflect…
High
CVE-2025-32525
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MapGeo Interactive Geo Maps interactive-geo-maps allows Reflected XSS.This issue affects Interact…
High
CVE-2025-32524
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online myworks-woo-sync-for-quickbooks-online all…
High
CVE-2025-32523
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in payphone WooCommerce – Payphone Gateway wc-payphone-gateway allows Reflected XSS.This issue affec…
High
CVE-2025-32517
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SCAND MultiMailer scand-multi-mailer allows Reflected XSS.This issue affects MultiMailer: from n/…
High
CVE-2025-31379
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS.This issue affects Insert HT…
High
CVE-2025-31378
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter oppso-unit-converter allows Reflected XSS.This issue affects Oppso Un…
High
CVE-2025-31028
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huseyin Berberoglu WP Hide Categories wp-hide-categories allows Reflected XSS.This issue affects…
High
CVE-2025-31021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart mobile-smart allows Reflected XSS.This issue affects Mobile Smart: from n/a…
Medium
CVE-2025-32809
W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choice_fb[], or question_id.
2025-04-10
Low
CVE-2025-3469
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includ…
Medium
CVE-2025-32027
Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.…
Medium
CVE-2025-32391
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab…
Medium
CVE-2023-42007
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended…
Medium
CVE-2025-25197
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS p…
High
CVE-2025-27350
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa vice-versa allows Reflected XSS.This issue affects Vice Versa: from n/a th…
Medium
CVE-2025-32230
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through <= 3.4.0.
Medium
CVE-2025-32215
Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Stored XSS.This issue affects Accessibility Suite: from n/a through <= 4.…
Medium
CVE-2025-32214
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/…
Medium
CVE-2025-32199
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyale-vc Contact Form Builder by vcita contact-form-with-a-meeting-scheduler-by-vcita allows DOM-…
Medium
CVE-2025-32198
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy brizy.This issue affects Brizy: from n/a through <= 2.7.7.
Medium
CVE-2025-32139
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooBox Image Lightbox foobox-image-lightbox.This issue affects FooBox Image Lightbox…
High
CVE-2025-32116
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master qr-master allows Reflected XSS.This issue affects QR Master: from n/a through <=…
High
CVE-2025-32115
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light popping-content-light allows Reflected XSS.This issue affects Pop…
High
CVE-2025-32114
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist WordPress 5sterrenspecialist Plugin 5-sterrenspecialist allows Reflected XSS.T…
High
CVE-2024-13874
The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high…
Medium
CVE-2024-10894
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and inclu…
Medium
CVE-2025-3489
A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulat…
2025-04-09
Medium
CVE-2025-29018
A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.
Medium
CVE-2025-32690
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podca…
Medium
CVE-2025-32683
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapS…
Medium
CVE-2025-32680
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. Review Stream review-stream allows Stored XSS.This issue affects Review Stream: fr…
High
CVE-2025-32673
Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through <= 2.0.6.
High
CVE-2025-32669
Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Stored XSS.This issue affects Mergado Pack: from n/a through <= 4.2.1.
High
CVE-2025-32667
Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through <= 2.5.1.
High
CVE-2025-32664
Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities nepali-date-utilities allows Stored XSS.This issue affects Nepali Date Utilities: from n/a through <= 1.0.15.
High
CVE-2025-32661
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map interactive-us-map allows Stored XSS.This issue affects Interactive US Map: from n/a through <= 2.7.
High
CVE-2025-32659
Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Stored XSS.This issue affects FraudLabs Pro for WooCommerce: from n/…
High
CVE-2025-32645
Cross-Site Request Forgery (CSRF) vulnerability in Hiren Patel Custom Posts Order custom-posts-order allows Stored XSS.This issue affects Custom Posts Order: from n/a through <= 4.4.
High
CVE-2025-32644
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location World Clock ip2location-world-clock allows Stored XSS.This issue affects IP2Location World Clock: from n/a through <= 1.1.9.
Medium
CVE-2025-32640
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Ally pojo-accessibility allows Stored XSS.This issue affects Ally: from n/a through <=…
High
CVE-2025-32623
Cross-Site Request Forgery (CSRF) vulnerability in plainware PlainInventory z-inventory-manager allows Stored XSS.This issue affects PlainInventory: from n/a through <= 3.1.9.
High
CVE-2025-32619
Cross-Site Request Forgery (CSRF) vulnerability in KeyCAPTCHA KeyCAPTCHA keycaptcha allows Stored XSS.This issue affects KeyCAPTCHA: from n/a through <= 2.5.1.
High
CVE-2025-32617
Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map multiple-location-google-map allows Stored XSS.This issue affects Multiple Location Google Map: from n/…
High
CVE-2025-32616
Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking nimbata-call-tracking allows Stored XSS.This issue affects Nimbata Call Tracking: from n/a through <= 1.7.4.
High
CVE-2025-32612
Cross-Site Request Forgery (CSRF) vulnerability in rafasashi User Session Synchronizer user-session-synchronizer allows Stored XSS.This issue affects User Session Synchronizer: from n/a through <= 1.…
High
CVE-2025-32597
Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar allows Cross-Site Scripting (XSS).This issue affects WordPr…
High
CVE-2025-32581
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker cf7-manual-spam-blocker allows Stored XSS.This issue affects…
High
CVE-2025-32580
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Stored XSS.This issue affect…
High
CVE-2025-32575
Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB wp-w3all-phpbb-integration allows Reflected XSS.This issue affects WP w3all phpBB: from n/a through <= 2.9.9.
High
CVE-2025-32570
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce chillpay-payment-gateway allows Stored XSS.This issue affects Chill…
High
CVE-2025-32559
Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat revechat allows Stored XSS.This issue affects REVE Chat: from n/a through <= 6.4.4.
High
CVE-2025-32556
Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Simple Post Meta Manager simple-post-meta-manager allows Reflected XSS.This issue affects Simple Post Meta Manager: from n/a through <…
High
CVE-2025-32555
Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam allows Stored XSS.This issue affects SEO, Nutrit…
High
CVE-2025-32543
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hivedigital Canonical Attachments canonical-attachments allows Reflected XSS.This issue affects C…
High
CVE-2025-32518
Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page ald-login-page allows Stored XSS.This issue affects ALD Login Page: from n/a through <= 1.1.
High
CVE-2025-32505
Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer scand-multi-mailer allows Stored XSS.This issue affects MultiMailer: from n/a through <= 1.0.3.
High
CVE-2025-32503
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield link-shield allows Stored XSS.This issue affects Link Shield: from n/a thr…
High
CVE-2025-32502
Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu magazine-lister-for-yumpu allows Stored XSS.This issue affects ePaper Lister for Yumpu: from n/a through <= 1…
High
CVE-2025-32501
Cross-Site Request Forgery (CSRF) vulnerability in dimafreund Rentsyst rentsyst allows Stored XSS.This issue affects Rentsyst: from n/a through <= 2.0.92.
High
CVE-2025-32500
Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget codescar-radio-widget allows Stored XSS.This issue affects Codescar Radio Widget: from n/a through <= 0.4.2.
High
CVE-2025-32498
Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post vkontakte-cross-post allows Stored XSS.This issue affects VKontakte Cross-Post: from n/a through <= 0.3.2.
High
CVE-2025-32497
Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block spoiler-block allows Stored XSS.This issue affects Spoiler Block: from n/a through <= 1.7.
Medium
CVE-2025-32495
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark waymark allows Stored XSS.This issue affects Waymark: from n/a through <= 1.5.3.
Medium
CVE-2025-32493
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect bp-social-connect allows Stored XSS.This issue affects BP Social Con…
Medium
CVE-2025-32492
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliot Akira Admin Menu Post List admin-menu-post-list allows Stored XSS.This issue affects Admin…
Medium
CVE-2025-32489
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Wetterwarner wetterwarner allows Stored XSS.This issue affects Wetterwarner: from n/a through…
Medium
CVE-2025-32488
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in آریا وردپرس Aria Font aria-font allows Stored XSS.This issue affects Aria Font: from n/a through…
High
CVE-2025-32484
Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification wp-planification allows Stored XSS.This issue affects WP-Planification: from n/a through <= 2.3.1.
Medium
CVE-2025-32483
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Salisbury Request Call Back request-call-back allows Stored XSS.This issue affects Request…
High
CVE-2025-32482
Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom Smilies custom-smilies allows Stored XSS.This issue affects Custom Smilies: from n/a through <= 1.2.
High
CVE-2025-32481
Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect nino-social-connect allows Stored XSS.This issue affects Nino Social Connect: from n/a through <= 2.0.
High
CVE-2025-32480
Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer windows-live-writer allows Stored XSS.This issue affects Windows Live Writer: from n/a through <= 0.1.
High
CVE-2025-32479
Cross-Site Request Forgery (CSRF) vulnerability in ab-tools Flags Widget flags-widget allows Stored XSS.This issue affects Flags Widget: from n/a through <= 1.0.7.
High
CVE-2025-32478
Cross-Site Request Forgery (CSRF) vulnerability in Mario Aguiar WP SexyLightBox wp-sexylightbox allows Stored XSS.This issue affects WP SexyLightBox: from n/a through <= 0.5.3.
High
CVE-2025-32477
Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS.This issue affects WP-Easy Menu: from n/a through <= 0.41.
High
CVE-2025-32476
Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advanced Tag Lists advanced-tag-list allows Stored XSS.This issue affects Advanced Tag Lists: from n/a through <= 1.2.
High
CVE-2025-31404
Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend af-tell-a-friend allows Stored XSS.This issue affects AF Tell a Friend: from n/a through <= 1.4.
High
CVE-2025-31402
Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller newsboard allows Stored XSS.This issue affects NewsBoard Post and RSS Scroller: from n/a through <=…
High
CVE-2025-31401
Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0.
High
CVE-2025-31400
Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player ws-audio-player allows Stored XSS.This issue affects WS Audio Player: from n/a through <= 1.1.8.
High
CVE-2025-31399
Cross-Site Request Forgery (CSRF) vulnerability in Chandan Garg CG Scroll To Top cg-scroll-to-top allows Stored XSS.This issue affects CG Scroll To Top: from n/a through <= 3.5.
High
CVE-2025-31395
Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through <= 1.0.
High
CVE-2025-31394
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters more-mime-type-filters allows Stored XSS.This issue affec…
High
CVE-2025-31393
Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED social-bookmarking-reloaded allows Stored XSS.This issue affects Social Bookmarking RELOADED: from n/a through…
High
CVE-2025-31391
Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor script-compressor allows Stored XSS.This issue affects Script Compressor: from n/a through <= 1.7.1.
High
CVE-2025-31390
Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd social-crowd allows Stored XSS.This issue affects Social Crowd: from n/a through <= 0.9.6.1.
High
CVE-2025-31388
Cross-Site Request Forgery (CSRF) vulnerability in doa The World the-world allows Stored XSS.This issue affects The World: from n/a through <= 0.4.
High
CVE-2025-31385
Cross-Site Request Forgery (CSRF) vulnerability in intelcaprep Site Table of Contents site-table-of-contents allows Stored XSS.This issue affects Site Table of Contents: from n/a through <= 0.3.
High
CVE-2025-31383
Cross-Site Request Forgery (CSRF) vulnerability in sodena FrescoChat Live Chat flexytalk-widget allows Stored XSS.This issue affects FrescoChat Live Chat: from n/a through <= 3.2.6.
High
CVE-2025-31382
Cross-Site Request Forgery (CSRF) vulnerability in theode Language Field language-field allows Stored XSS.This issue affects Language Field: from n/a through <= 0.9.
High
CVE-2025-31375
Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled scheduled allows Stored XSS.This issue affects Scheduled: from n/a through <= 1.0.
Medium
CVE-2025-31035
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor wp-editormd allows Stored XSS…
High
CVE-2025-31032
Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway pagopar-woocommerce-gateway allows Stored XSS.This issue affects Pagopar – WooCommerce Gateway:…
High
CVE-2025-31026
Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded comment-validation-reloaded allows Stored XSS.This issue affects Comment Validation Reloaded: from n/a through <=…
Medium
CVE-2025-31020
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler simple-spoiler allows Stored XSS.This issue affects Simple Spoiler: fro…
Medium
CVE-2025-31017
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager noakes-menu-manager allows Stored XSS.This issue affects Nav Menu…
Medium
CVE-2025-31008
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affect…
Medium
CVE-2025-29389
PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2.
Medium
CVE-2023-33844
IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…
Medium
CVE-2024-8243
The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make…
Medium
CVE-2025-3100
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in al…
2025-04-08
Medium
CVE-2025-30292
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a…
Medium
CVE-2025-27205
Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious sc…
Medium
CVE-2025-32211
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: fro…
High
CVE-2025-32117
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS.This issue affects Wid…
Medium
CVE-2025-27442
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
Medium
CVE-2025-27441
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
Medium
CVE-2025-27084
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploi…
High
CVE-2025-22466
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Medium
CVE-2025-22465
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely us…
Low
CVE-2025-22855
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages co…
Medium
CVE-2025-2808
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63…
Medium
CVE-2025-3432
The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitizatio…