Total
41574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68858 | 2026-01-27 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07. | |||||
| CVE-2023-31233 | 1 Baidu-tongji-generator Project | 1 Baidu-tongji-generator | 2026-01-27 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions. | |||||
| CVE-2016-10871 | 1 Ibericode | 1 Mailchimp For Wordpress | 2026-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page. | |||||
| CVE-2017-18577 | 1 Ibericode | 1 Mailchimp For Wordpress | 2026-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg. | |||||
| CVE-2026-22033 | 1 Humansignal | 1 Label Studio | 2026-01-27 | N/A | 5.4 MEDIUM |
| Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who can trick a user/administrator into updating their custom_hotkeys) can inject JavaScript code that executes in other users’ browsers when those users load any page using the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script may fetch the victim’s API token or call token reset endpoints — enabling full account takeover and unauthorized API access. | |||||
| CVE-2026-24620 | 2026-01-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.3. | |||||
| CVE-2026-24584 | 2026-01-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0. | |||||
| CVE-2026-24526 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through <= 3.4.3. | |||||
| CVE-2026-22388 | 2026-01-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through <= 2.2.2. | |||||
| CVE-2025-70368 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-8113 | 1 Shopfiles | 1 Ebook Store | 2026-01-27 | N/A | 6.1 MEDIUM |
| The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | |||||
| CVE-2024-25218 | 1 Code-projects | 1 Task Manager | 2026-01-27 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php. | |||||
| CVE-2024-25219 | 1 Code-projects | 1 Task Manager | 2026-01-27 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php. | |||||
| CVE-2024-25221 | 1 Code-projects | 1 Task Manager | 2026-01-27 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php. | |||||
| CVE-2025-69054 | 2026-01-27 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through <= 2.8. | |||||
| CVE-2025-62077 | 2026-01-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker allows Stored XSS.This issue affects Affiliate Link Tracker: from n/a through <= 0.2. | |||||
| CVE-2023-29639 | 1 Zhenfeng13 | 1 My Blog | 2026-01-27 | N/A | 5.4 MEDIUM |
| Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString. | |||||
| CVE-2023-29636 | 1 Zhenfeng13 | 1 My Blog | 2026-01-27 | N/A | 5.4 MEDIUM |
| Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString. | |||||
| CVE-2012-2571 | 1 Winwebmail | 1 Winwebmail Server | 2026-01-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element. | |||||
| CVE-2023-43944 | 1 Oretnom23 | 1 Task Management System | 2026-01-27 | N/A | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list. | |||||