Total
41706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49890 | 2025-08-20 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jorge Garcia de Bustos AWStats Script allows Stored XSS. This issue affects AWStats Script: from n/a through 0.3. | |||||
| CVE-2025-48168 | 2025-08-20 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player allows Reflected XSS. This issue affects Apollo - Sticky Full Width HTML5 Audio Player: from n/a through 3.4. | |||||
| CVE-2025-53562 | 2025-08-20 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through 3.2.1. | |||||
| CVE-2025-49894 | 2025-08-20 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rewish WP Emmet allows Stored XSS. This issue affects WP Emmet: from n/a through 0.3.4. | |||||
| CVE-2025-54044 | 2025-08-20 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Reflected XSS. This issue affects Elite Video Player: from n/a through 10.0.5. | |||||
| CVE-2025-49420 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre-Henri Lavigne Markup Markdown allows Stored XSS. This issue affects Markup Markdown: from n/a through 3.20.6. | |||||
| CVE-2024-12223 | 2025-08-20 | N/A | N/A | ||
| Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. | |||||
| CVE-2025-49389 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Solutions Notice Bar allows Stored XSS. This issue affects Notice Bar: from n/a through 3.1.3. | |||||
| CVE-2025-49424 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in diego.benna Essential Doo Components for Visual Composer allows DOM-Based XSS. This issue affects Essential Doo Components for Visual Composer: from n/a through 1.9. | |||||
| CVE-2025-48297 | 2025-08-20 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory allows Reflected XSS. This issue affects Simple Link Directory: from n/a through n/a. | |||||
| CVE-2025-48163 | 2025-08-20 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support allows Reflected XSS. This issue affects SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support: from n/a through 3.5.4. | |||||
| CVE-2025-49412 | 2025-08-20 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in numixtech Page Transition allows Stored XSS. This issue affects Page Transition: from n/a through 1.3. | |||||
| CVE-2025-49395 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through 2.0.3. | |||||
| CVE-2025-49428 | 2025-08-20 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3. | |||||
| CVE-2025-54670 | 2025-08-20 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik allows Reflected XSS. This issue affects oik: from n/a through 4.15.2. | |||||
| CVE-2025-54046 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4. | |||||
| CVE-2025-48152 | 2025-08-20 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst allows Reflected XSS. This issue affects Rentsyst: from n/a through 2.0.100. | |||||
| CVE-2025-49889 | 2025-08-20 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6. | |||||
| CVE-2025-49893 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in liseperu Elizaibots allows Stored XSS. This issue affects Elizaibots: from n/a through 1.0.2. | |||||
| CVE-2022-3896 | 1 Tipsandtricks-hq | 1 Wp Affiliate Platform | 2025-08-20 | N/A | 6.1 MEDIUM |
| The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers. | |||||