Total
34046 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13757 | 2025-03-05 | 6.4 Medium | ||
| The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-5667 | 2025-03-05 | 6.4 Medium | ||
| Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library (versions 1.7.13 to 1.7.14) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13839 | 2025-03-05 | 6.1 Medium | ||
| The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12815 | 2025-03-05 | 6.4 Medium | ||
| The Point Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'point_maker' shortcode in all versions up to, and including, 0.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2021-46875 | 1 Ibexa | 1 Ez Platform Kernel | 2025-03-04 | 6.1 Medium |
| An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file. | ||||
| CVE-2025-23584 | 2025-03-04 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pin Locations on Map allows Reflected XSS. This issue affects Pin Locations on Map: from n/a through 1.0. | ||||
| CVE-2025-23585 | 2025-03-04 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo Goo.gl Url Shorter allows Reflected XSS. This issue affects Goo.gl Url Shorter: from n/a through 1.0.1. | ||||
| CVE-2025-23670 | 2025-03-04 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound 4 author cheer up donate allows Reflected XSS. This issue affects 4 author cheer up donate: from n/a through 1.3. | ||||
| CVE-2025-23688 | 2025-03-04 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Cobwebo URL Plugin allows Reflected XSS. This issue affects Cobwebo URL Plugin: from n/a through 1.0. | ||||
| CVE-2025-23716 | 2025-03-04 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Login Watchdog allows Stored XSS. This issue affects Login Watchdog: from n/a through 1.0.4. | ||||
| CVE-2025-1955 | 2025-03-04 | 3.5 Low | ||
| A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-50309 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-04 | 6.4 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-32340 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-04 | 4.6 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-1051 | 1 Askoc | 1 Web Report System | 2025-03-04 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.This issue affects Web Report System: before 23.03.10. | ||||
| CVE-2023-1410 | 2 Grafana, Redhat | 2 Grafana, Ceph Storage | 2025-03-04 | 6.2 Medium |
| Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. | ||||
| CVE-2021-44196 | 1 Ubit | 1 Student Information Management System | 2025-03-04 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126. | ||||
| CVE-2024-57423 | 2025-03-04 | 6.1 Medium | ||
| A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function. | ||||
| CVE-2025-23718 | 2025-03-04 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mancx AskMe Widget allows Reflected XSS. This issue affects Mancx AskMe Widget: from n/a through 0.3. | ||||
| CVE-2025-23721 | 2025-03-04 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Mobigate allows Reflected XSS. This issue affects Mobigate: from n/a through 1.0.3. | ||||
| CVE-2025-23726 | 2025-03-04 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ComparePress allows Reflected XSS. This issue affects ComparePress: from n/a through 2.0.8. | ||||