High
CVE-2025-28931
Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags wp-hashtags allows Stored XSS.This issue affects Hashtags: from n/a through <= 0.3.2.
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 82/398 • 47665 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47665 CVEs for this tag (all time). In the last 365 days, 7595 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-03-11
Medium
CVE-2025-28930
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodolphe MOULIN List Mixcloud list-mixcloud allows Stored XSS.This issue affects List Mixcloud: f…
Medium
CVE-2025-28929
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vivek Marakana Tabbed Login Widget tabbed-login allows Stored XSS.This issue affects Tabbed Login…
Medium
CVE-2025-28926
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in popeating Post Read Time post-read-time allows Stored XSS.This issue affects Post Read Time: from…
High
CVE-2025-28925
Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification wati-chat-and-notification allows Stored XSS.This issue affects WATI Chat and Notification: from n/a through…
High
CVE-2025-28923
Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email no-disposable-email allows Stored XSS.This issue affects No Disposable Email: from n/a through <= 2.5.1.
High
CVE-2025-28922
Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top go-to-top allows Stored XSS.This issue affects Go To Top: from n/a through <= 0.0.8.
Medium
CVE-2025-28919
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shellbot Easy Image Display easy-image-display allows Stored XSS.This issue affects Easy Image Di…
Medium
CVE-2025-28918
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A. Jones Featured Image Thumbnail Grid thumbnail-grid allows Stored XSS.This issue affects Featur…
Medium
CVE-2025-28914
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Sharma wordpress login form to anywhere wp-show-login-form allows Stored XSS.This issue affe…
Medium
CVE-2025-28908
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pipdig pipDisqus pipdisqus allows Stored XSS.This issue affects pipDisqus: from n/a through <= 1.…
Medium
CVE-2025-28907
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rahul Arora WP Last Modified wp-last-modified allows Stored XSS.This issue affects WP Last Modifi…
Medium
CVE-2025-28906
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thiago S.F. Skitter Slideshow wp-skitter-slideshow allows Stored XSS.This issue affects Skitter S…
High
CVE-2025-28905
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured P…
High
CVE-2025-28901
Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users members-page-only-for-logged-in-users allows Stored XSS.This issue affects Members page only for logged…
High
CVE-2025-28900
Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro tabgarb allows Stored XSS.This issue affects TabGarb Pro: from n/a through <= 2.6.
High
CVE-2025-28897
Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme domain-theme allows Stored XSS.This issue affects Domain Theme: from n/a through <= 1.3.
High
CVE-2025-28895
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suman Biswas Custom top bar custom-top-bar allows Stored XSS.This issue affects Custom top bar: f…
High
CVE-2025-28894
Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress list-posts-by-category allows Stored XSS.This issue affects List of Posts from each…
High
CVE-2025-28892
Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync ftp-sync allows Stored XSS.This issue affects FTP Sync: from n/a through <= 1.1.6.
High
CVE-2025-28891
Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc price-calc allows Stored XSS.This issue affects price-calc: from n/a through <= 0.6.3.
High
CVE-2025-28883
Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS.This issue affects WP Compare Tables: from n/a through <= 1.0.5.
Medium
CVE-2025-28879
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aumsrini Bee Layer Slider bee-layer-slider allows Stored XSS.This issue affects Bee Layer Slider:…
Medium
CVE-2025-28878
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys awesome-surveys allows Stored XSS.This issue affects Awesome Survey…
Medium
CVE-2025-28875
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates bp-email-assign-templates allows Stored XSS.This issue affects…
Medium
CVE-2025-28871
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jwpegram Block Spam By Math Reloaded block-spam-by-math-reloaded allows Stored XSS.This issue aff…
Medium
CVE-2025-28870
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in amocrm amoCRM WebForm amocrm-webform allows DOM-Based XSS.This issue affects amoCRM WebForm: from…
High
CVE-2025-28861
Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through <= 0.1.0.
High
CVE-2025-28860
Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator google-news-editors-picks-news-feeds allows Stored XSS.This issue affects Google News Editors P…
High
CVE-2025-28857
Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration rankchecker-io-integration allows Stored XSS.This issue affects Rankchecker.io Integration: from n/a through…
Low
CVE-2025-2207
A vulnerability classified as problematic was found in aitangbao springboot-manager 3.0. This vulnerability affects unknown code of the file /sys/dept. The manipulation of the argument name leads to…
Low
CVE-2025-2206
A vulnerability classified as problematic has been found in aitangbao springboot-manager 3.0. This affects an unknown part of the file /sys/permission. The manipulation of the argument name leads to…
Medium
CVE-2025-25929
A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a u…
Medium
CVE-2025-25925
A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName pa…
Medium
CVE-2024-56338
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary…
Medium
CVE-2025-25747
Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_bac…
Medium
CVE-2024-51322
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisu…
Medium
CVE-2024-51320
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile…
High
CVE-2023-37933
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authentica…
Low
CVE-2025-2196
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mush…
Low
CVE-2025-2195
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.File…
Low
CVE-2025-2194
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileContro…
Low
CVE-2025-2191
A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817. Affected by this issue is some unknown functionality of the file /form2pi…
Medium
CVE-2025-1434
The Spreadsheet view is vulnerable to a XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet. Disclosure of secrets or other system set…
Medium
CVE-2025-0629
The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cros…
High
CVE-2024-13864
The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains…
High
CVE-2024-13862
The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Refl…
Medium
CVE-2024-13853
The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hi…
High
CVE-2024-13836
The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used aga…
Low
CVE-2024-13615
The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow…
High
CVE-2024-13574
The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agai…
Medium
CVE-2024-13413
The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘res’ parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and ou…
High
CVE-2025-27434
Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a…
Medium
CVE-2025-27431
User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored a…
Medium
CVE-2025-26659
SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to…
Medium
CVE-2025-25242
SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availabi…
2025-03-10
Medium
CVE-2025-27924
Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action.
Medium
CVE-2025-25908
A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article…
Medium
CVE-2025-0660
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as fol…
Medium
CVE-2024-55199
A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the…
Medium
CVE-2024-53307
A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a cr…
Medium
CVE-2024-52812
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site sc…
High
CVE-2025-26910
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS.This issue affects WPBookit: from n/a through <= 1.0.1.
Medium
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
High
CVE-2024-13919
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
High
CVE-2024-13918
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
Medium
CVE-2025-2150
The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be exec…
Low
CVE-2025-2133
A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument t…
2025-03-09
Low
CVE-2025-2131
A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of th…
Low
CVE-2025-2130
A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument…
Medium
CVE-2025-2127
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/l…
Low
CVE-2025-2124
A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/change_password of the component API…
Low
CVE-2025-2123
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handle…
Medium
CVE-2025-1382
The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin…
Low
CVE-2025-1363
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as a…
2025-03-08
Medium
CVE-2025-1664
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and includi…
Medium
CVE-2024-13675
The SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Icon List" Block in all versions up to, and including,…
Medium
CVE-2024-13649
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.4.6.7 due to insuffic…
Medium
CVE-2025-1783
The Gallery Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery Block in all versions up to, and including, 1.3.4 due to insufficient input sanitization and outpu…
Medium
CVE-2025-1324
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including,…
Medium
CVE-2025-1287
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highl…
Medium
CVE-2024-13825
The Email Keep WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hig…
Medium
CVE-2024-12119
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter i…
Medium
CVE-2024-12460
The Years Since – Timeless Texts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'years-since' shortcode in all versions up to, and including, 1.4.1 due to insuffic…
Medium
CVE-2025-1261
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 d…
2025-03-07
Medium
CVE-2025-27826
An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.
Medium
CVE-2025-27825
An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.
Medium
CVE-2025-27824
An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability i…
Medium
CVE-2025-27823
An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module…
Medium
CVE-2023-35894
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks agai…
Low
CVE-2025-2087
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the…
Low
CVE-2025-2086
A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument red…
Low
CVE-2025-2085
A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl le…
Low
CVE-2025-2084
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of t…
Medium
CVE-2024-9458
The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
Medium
CVE-2024-13805
The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, a…
High
CVE-2024-13668
The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be…
Medium
CVE-2024-13431
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameter in al…
Medium
CVE-2024-12611
The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insuffici…
Medium
CVE-2025-0863
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idx_frame' shortcode in all versions up to, and including, 3.14.27 due to insufficient inpu…
Medium
CVE-2024-12809
The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input sani…
Medium
CVE-2025-2061
A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulat…
2025-03-06
Low
CVE-2025-2049
A vulnerability classified as problematic has been found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file AB+.php. The manipulation of the argument Bloodname leads…
Low
CVE-2025-2047
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argumen…
Medium
CVE-2025-25191
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixe…
Medium
CVE-2025-0877
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AtaksAPP Reservation Management System allows Cross-Site Scripting (XSS).This issue affect…
Medium
CVE-2025-1672
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5 due to insufficient input…
Low
CVE-2024-13902
A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the…
Medium
CVE-2024-13868
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflec…
2025-03-05
Medium
CVE-2024-48246
Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php.
Medium
CVE-2025-20208
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against…
Medium
CVE-2025-27412
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed i…
Medium
CVE-2024-5667
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insuffi…
Medium
CVE-2024-13839
The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versi…
Medium
CVE-2024-13779
The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'index' parameter in all versions up to, and including, 1.16.5 due t…
Medium
CVE-2024-13757
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to i…
Medium
CVE-2024-12815
The Point Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'point_maker' shortcode in all versions up to, and including, 0.1.6 due to insufficient input saniti…
Medium
CVE-2024-11731
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.7 due to…
Medium
CVE-2025-1008
The Recently Purchased Products For Woo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘view’ parameter in all versions up to, and including, 1.1.3 due to insufficient inpu…
Medium
CVE-2024-13866
The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This ma…