Total
41574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49066 | 2026-01-26 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through <= 1.2. | |||||
| CVE-2025-49046 | 2026-01-26 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup xPromoter top_bar_promoter allows Reflected XSS.This issue affects xPromoter: from n/a through <= 1.3.4. | |||||
| CVE-2025-49045 | 2026-01-26 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS.This issue affects Super Interactive Maps: from n/a through <= 2.3. | |||||
| CVE-2025-49043 | 2026-01-26 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS.This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through <= 1.6. | |||||
| CVE-2025-48094 | 2026-01-26 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS.This issue affects Magic Slider: from n/a through <= 2.2. | |||||
| CVE-2025-47666 | 2026-01-26 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows Reflected XSS.This issue affects Image&Video FullScreen Background: from n/a through <= 1.6.7. | |||||
| CVE-2025-47500 | 2026-01-26 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Stored XSS.This issue affects Stackable: from n/a through <= 3.19.5. | |||||
| CVE-2025-32123 | 2026-01-26 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS.This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through <= 5.3.5. | |||||
| CVE-2026-24389 | 2026-01-26 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2. | |||||
| CVE-2025-36409 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 5.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36408 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 6.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36396 | 1 Ibm | 1 Application Gateway | 2026-01-26 | N/A | 5.4 MEDIUM |
| IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-27005 | 2026-01-26 | N/A | 6.1 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through <= 5.3.5. | |||||
| CVE-2024-31975 | 1 Engeniustech | 2 Ews356-fit, Ews356-fit Firmware | 2026-01-26 | N/A | 4.8 MEDIUM |
| EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button. | |||||
| CVE-2024-51673 | 1 Hasthemes | 1 Ht Politic | 2026-01-26 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Politic allows DOM-Based XSS.This issue affects HT Politic: from n/a through 2.4.4. | |||||
| CVE-2024-41358 | 1 Phpipam | 1 Phpipam | 2026-01-26 | N/A | 6.1 MEDIUM |
| phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. | |||||
| CVE-2024-41349 | 1 Unmark | 1 Unmark | 2026-01-26 | N/A | 6.1 MEDIUM |
| unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php. | |||||
| CVE-2024-41348 | 1 Jpatokal | 1 Openflights | 2026-01-26 | N/A | 6.1 MEDIUM |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php | |||||
| CVE-2024-41347 | 1 Jpatokal | 1 Openflights | 2026-01-26 | N/A | 6.1 MEDIUM |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php | |||||
| CVE-2024-41346 | 1 Jpatokal | 1 Openflights | 2026-01-26 | N/A | 5.4 MEDIUM |
| openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php | |||||