Low
CVE-2025-27608
Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5.…
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 76/398 • 47660 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47660 CVEs for this tag (all time). In the last 365 days, 7590 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-04-02
Medium
CVE-2025-29719
SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add_employee.php via the First Name and Address text fields.
Medium
CVE-2025-20203
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a st…
Medium
CVE-2025-20120
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a…
Medium
CVE-2024-56475
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the…
Medium
CVE-2024-56341
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering t…
High
CVE-2025-30090
mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.
Medium
CVE-2025-3098
The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and outp…
Medium
CVE-2025-2513
The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization…
Medium
CVE-2025-2483
The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘receip_address’ parameter in all versions up to, and including, 1.1.0 due to insufficient in…
Medium
CVE-2024-45699
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriat…
Medium
CVE-2025-27693
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with…
2025-04-01
Medium
CVE-2025-31889
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a th…
Medium
CVE-2025-31819
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks.This issue affects Nova Blocks: from n/a through <= 2.1.8.
High
CVE-2025-31594
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading auto-scroll-for-reading allows Reflected XSS.This issue affects Au…
High
CVE-2025-31578
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Re…
High
CVE-2025-31571
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider the-logo-slider allows Reflected XSS.This issue affects The…
High
CVE-2025-31568
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds wiredminds-leadlab allows Reflected XSS.This issue affects L…
High
CVE-2025-31563
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vimal Kava AI Search Bar open-ai-search-bar allows Stored XSS.This issue affects AI Search Bar: f…
High
CVE-2025-31548
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Reflected XSS.This issue…
High
CVE-2025-31537
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit bulk-noindex-nofollow-toolkit-by-mad-fish allows R…
High
CVE-2025-31462
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar cgm-event-calendar allows Reflected XSS.This issue affects CGM Event…
High
CVE-2025-31461
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mayeenul Islam NanoSupport nanosupport allows Reflected XSS.This issue affects NanoSupport: from…
High
CVE-2025-31455
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ralxz Limit Max IPs Per User limit-max-ips-per-user allows DOM-Based XSS.This issue affects Limit…
High
CVE-2025-31454
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly Delete Post Revision delete-post-revision allows Reflected XSS.This issue affects Delete P…
High
CVE-2025-31446
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jiangmiao WP Cleaner wpcleaner allows Reflected XSS.This issue affects WP Cleaner: from n/a throu…
High
CVE-2025-31445
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sed Lex Pages Order pages-order allows Reflected XSS.This issue affects Pages Order: from n/a thr…
High
CVE-2025-31441
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria wp-galleria allows Reflected XSS.This issue affects WordPress Galleria: from…
High
CVE-2025-31431
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in conlabz GmbH WP Bookmarks wp-bookmarks allows Reflected XSS.This issue affects WP Bookmarks: from…
High
CVE-2025-31086
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WBW Plugins Product Table by WBW woo-product-tables allows Reflected XSS.This issue affects Produ…
High
CVE-2025-31085
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows Reflected XSS.This issue affects xili-l…
High
CVE-2025-31081
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enab…
High
CVE-2025-31080
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a…
High
CVE-2025-31078
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-editi…
High
CVE-2025-30913
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas wp-access-areas allows Reflected XSS.This issue affects Access Areas: from…
High
CVE-2025-30906
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial – Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.T…
High
CVE-2025-30905
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows…
High
CVE-2025-30852
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite oracle-cards allows Reflected XSS.This issue affect…
High
CVE-2025-30844
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz watu allows Reflected XSS.This issue affects Watu Quiz: from n/a through <= 3.4.2.
High
CVE-2025-30778
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through <…
High
CVE-2025-30554
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abhishek Kumar Frizzly frizzly allows Reflected XSS.This issue affects Frizzly: from n/a through…
Medium
CVE-2025-29049
Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function.
Medium
CVE-2025-26054
Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the "Description" field during LAN configuration.
High
CVE-2025-31908
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup json-structuring-markup allows Stored XSS.This issue affects JSON Structuring Markup: from n/a through <…
High
CVE-2025-31906
Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare wp-profitshare allows Stored XSS.This issue affects WP Profitshare: from n/a through <= 1.4.9.
Medium
CVE-2025-31897
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Custom Feed for Twitter arrow-twitter-feed allows Stored XSS.This issue affec…
Medium
CVE-2025-31895
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paulrosen ABC Notation abc-notation allows Stored XSS.This issue affects ABC Notation: from n/a t…
Medium
CVE-2025-31894
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infoway LLC Ebook Downloader ebook-downloader allows Stored XSS.This issue affects Ebook Download…
Medium
CVE-2025-31892
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Stored XSS.This issue affects WP Crowdfunding: fro…
Medium
CVE-2025-31891
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gosign Gosign – Posts Slider Block gosign-posts-slider-block allows Stored XSS.This issue affects…
Medium
CVE-2025-31890
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mashi Simple Map No Api simple-map-no-api allows Stored XSS.This issue affects Simple Map No Api:…
Medium
CVE-2025-31885
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows DOM-Based XSS.This issue affect…
Medium
CVE-2025-31884
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Stored XSS.This issue affects Nor…
Medium
CVE-2025-31883
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Stored XSS.This issue affects WebinarPress:…
Medium
CVE-2025-31875
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginic FancyPost post-block allows DOM-Based XSS.This issue affects FancyPost: from n/a through…
Medium
CVE-2025-31874
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay WebberZone Snippetz add-to-all allows Stored XSS.This issue affects WebberZone Snippetz: fro…
Medium
CVE-2025-31873
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sheetdb SheetDB sheetdb allows Stored XSS.This issue affects SheetDB: from n/a through <= 1.3.4.
Medium
CVE-2025-31869
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows Stored XSS.This issue affects…
Medium
CVE-2025-31864
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty beam-me-up-scotty allows Stored XSS.This issue affects Beam me up S…
Medium
CVE-2025-31861
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPOrbit Support Perfect Font Awesome Integration perfect-font-awesome-integration allows Stored X…
Medium
CVE-2025-31860
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <…
Medium
CVE-2025-31857
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Directorist AddonsKit for Elementor addonskit-for-elementor allows Stored XSS.This issue af…
Medium
CVE-2025-31855
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softnwords SMM API smm-api allows Stored XSS.This issue affects SMM API: from n/a through <= 6.0.…
Medium
CVE-2025-31853
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget Popup smartarget-popup allows Stored XSS.This issue affects Sm…
Medium
CVE-2025-31851
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markkinchin Beds24 Online Booking beds24-online-booking allows Stored XSS.This issue affects Beds…
Medium
CVE-2025-31850
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor…
Medium
CVE-2025-31849
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fbtemplates Nemesis All-in-One nemesis-all-in-one allows Stored XSS.This issue affects Nemesis Al…
Medium
CVE-2025-31847
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelooks mFolio Lite mfolio-lite allows DOM-Based XSS.This issue affects mFolio Lite: from n/a…
Medium
CVE-2025-31844
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Blocks magical-blocks allows Stored XSS.This issue affects Magical Blocks: from…
Medium
CVE-2025-31838
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eventbee Eventbee RSVP Widget eventbee-rsvp-widget allows DOM-Based XSS.This issue affects Eventb…
Medium
CVE-2025-31837
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3.
Medium
CVE-2025-31835
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brice Capobianco WP Plugin Info Card wp-plugin-info-card allows DOM-Based XSS.This issue affects…
Medium
CVE-2025-31829
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devscred ShopCred shopcred allows DOM-Based XSS.This issue affects ShopCred: from n/a through <=…
Medium
CVE-2025-31823
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpoperations WPoperation Elementor Addons wpop-elementor-addons allows Stored XSS.This issue affe…
Medium
CVE-2025-31818
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ContentBot.ai ContentBot AI Writer content-bot allows Stored XSS.This issue affects ContentBot AI…
Medium
CVE-2025-31817
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWheels BlockWheels blockwheels allows DOM-Based XSS.This issue affects BlockWheels: from n/a th…
Medium
CVE-2025-31815
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devscred Design Blocks exclusive-blocks allows Stored XSS.This issue affects Design Blocks: from…
Medium
CVE-2025-31813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Website366.com WPSHARE247 Elementor Addons wpshare247-elementor-addons allows Stored XSS.This iss…
Medium
CVE-2025-31812
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas BuddyPress Members Only buddypress-members-only allows Stored XSS.This issue affects BuddyP…
Medium
CVE-2025-31811
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtreeme Planyo online reservation system planyo-online-reservation-system allows Stored XSS.This…
Medium
CVE-2025-31806
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uSystems Webling webling allows Stored XSS.This issue affects Webling: from n/a through <= 3.9.0.
Medium
CVE-2025-31805
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal Gutena Kit – Gutenberg Blocks and Templates gutena-kit allows Stored XSS.This issue af…
Medium
CVE-2025-31804
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Fol…
Medium
CVE-2025-31803
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neteuro Turisbook Booking System turisbook-booking-system allows Stored XSS.This issue affects Tu…
Medium
CVE-2025-31801
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maksym Marko MX Time Zone Clocks mx-time-zone-clocks allows Reflected XSS.This issue affects MX T…
Medium
CVE-2025-31797
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from…
Medium
CVE-2025-31793
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Stored XSS.This issue affects Piotnet Forms: from…
Medium
CVE-2025-31792
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Stored XSS.This issue affects Piotnet Forms: from…
Medium
CVE-2025-31790
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binsaifullah Posten posten-post-blocks allows DOM-Based XSS.This issue affects Posten: from n/a t…
Medium
CVE-2025-31783
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leartes.NET Leartes TRY Exchange Rates leartes-try-exchange-rates allows Stored XSS.This issue af…
Medium
CVE-2025-31778
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raphaelheide Donate Me donate-me allows Reflected XSS.This issue affects Donate Me: from n/a thro…
Medium
CVE-2025-31772
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration allows S…
Medium
CVE-2025-31771
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sultan Nasir Uddin Team Members for Elementor Page Builder team-members-for-elementor allows Stor…
Medium
CVE-2025-31770
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Content Manager Light content-manager-light allows Stored XSS.This issue affects Conten…
Medium
CVE-2025-31767
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Post Custom Templates Lite post-custom-templates-lite allows Stored XSS.This issue aff…
Medium
CVE-2025-31766
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PhotoShelter PhotoShelter for Photographers Blog Feed Plugin photoshelter-official-plugin allows…
Medium
CVE-2025-31764
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Stored XSS.This issue affect…
Medium
CVE-2025-31762
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyazimov Sheet2Site sheet2site allows Stored XSS.This issue affects Sheet2Site: from n/a thro…
Medium
CVE-2025-31761
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEJAN Hypotext hypotext allows Stored XSS.This issue affects Hypotext: from n/a through <= 1.0.1.
Medium
CVE-2025-31760
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snapwidget SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget allows DOM-Based XS…
Medium
CVE-2025-31759
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BooSpot Boo Recipes boo-recipes allows Stored XSS.This issue affects Boo Recipes: from n/a throug…
Medium
CVE-2025-31754
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DobsonDev DobsonDev Shortcodes dobsondev-shortcodes allows Stored XSS.This issue affects DobsonDe…
Medium
CVE-2025-31750
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in doit Breaking News WP breaking-news-wp allows Stored XSS.This issue affects Breaking News WP: fro…
Medium
CVE-2025-31749
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPelite HMH Footer Builder For Elementor hmh-footer-builder-for-elementor allows Stored XSS.This…
Medium
CVE-2025-31748
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpopal Opal Portfolio opal-portfolios allows Stored XSS.This issue affects Opal Portfolio: from n…
Medium
CVE-2025-31747
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in milan.latinovic WP Chrono wp-chrono allows DOM-Based XSS.This issue affects WP Chrono: from n/a t…
Medium
CVE-2025-31745
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This is…
Medium
CVE-2025-31744
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed allows…
Medium
CVE-2025-31743
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed allows…
Medium
CVE-2025-31742
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelDima Dima Take Action dima-take-action allows Stored XSS.This issue affects Dima Take Action…
Medium
CVE-2025-31741
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filtr8 Easy Magazine filtr8-magazine allows DOM-Based XSS.This issue affects Easy Magazine: from…
Medium
CVE-2025-31740
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemeArt News, Magazine and Blog Elements news-magazine-and-blog-elements allows Stored XSS.This…
Medium
CVE-2025-31738
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yazamodeveloper LeadQuizzes leadquizzes allows Stored XSS.This issue affects LeadQuizzes: from n/…
Medium
CVE-2025-31737
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dxladner Client Showcase client-showcase allows Stored XSS.This issue affects Client Showcase: fr…
Medium
CVE-2025-31735
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in C. Johnson Footnotes for WordPress footnotes-for-wordpress allows Stored XSS.This issue affects F…
Medium
CVE-2025-31734
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Simple Post Expiration simple-post-expiration allows DOM-Based XSS.This issue affects…
Medium
CVE-2025-31733
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap wpsitemap allows Stored XSS.This issue affects WP Sitemap: from n/a through <…
Medium
CVE-2025-31731
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip John Author Bio Shortcode author-bio-shortcode allows Stored XSS.This issue affects Author…
Medium
CVE-2025-31730
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Marketer Addons marketer-addons allows Stored XSS.This issue affects Marketer Addons…
Medium
CVE-2025-31121
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting a…