Total
41742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49423 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Tahir Ali Jan Bulk YouTube Post Creator allows Reflected XSS. This issue affects Bulk YouTube Post Creator: from n/a through 1.0. | |||||
| CVE-2025-53292 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in samsk WP DataTable allows DOM-Based XSS. This issue affects WP DataTable: from n/a through 0.2.7. | |||||
| CVE-2025-53202 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows DOM-Based XSS. This issue affects Responsive Blocks: from n/a through 2.0.6. | |||||
| CVE-2025-39488 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne allows Reflected XSS. This issue affects MagOne: from n/a through 8.5. | |||||
| CVE-2025-28988 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Reflected XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3. | |||||
| CVE-2025-53253 | 2025-06-30 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh WP Edit allows Stored XSS. This issue affects WP Edit: from n/a through 4.0.4. | |||||
| CVE-2025-30972 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify allows Stored XSS. This issue affects Woocommerce Line Notify: from n/a through 1.1.7. | |||||
| CVE-2025-52778 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary allows Reflected XSS. This issue affects xili-dictionary: from n/a through 2.12.5.2. | |||||
| CVE-2025-4587 | 2025-06-30 | N/A | 6.4 MEDIUM | ||
| The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-23973 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugudlabs SpecFit-Virtual Try On Woocommerce allows Stored XSS. This issue affects SpecFit-Virtual Try On Woocommerce: from n/a through 7.0.6. | |||||
| CVE-2025-53275 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows DOM-Based XSS. This issue affects Leyka: from n/a through 3.31.9. | |||||
| CVE-2025-31428 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8. | |||||
| CVE-2025-47654 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Reflected XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.20. | |||||
| CVE-2025-52799 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1. | |||||
| CVE-2025-28960 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine allows Reflected XSS. This issue affects Evangelische Termine: from n/a through 3.3. | |||||
| CVE-2025-53336 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abditsori My Resume Builder allows Stored XSS. This issue affects My Resume Builder: from n/a through 1.0.3. | |||||
| CVE-2024-12915 | 2025-06-30 | N/A | 4.6 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS.This issue affects Library Software: before 24.11.02. | |||||
| CVE-2025-53093 | 2025-06-30 | N/A | 8.6 HIGH | ||
| TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the `<tabber>` tag. Version 3.1.1 contains a patch for the bug. | |||||
| CVE-2025-41439 | 2025-06-30 | N/A | 6.1 MEDIUM | ||
| A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product. | |||||
| CVE-2024-31634 | 1 Xunruicms | 1 Xunruicms | 2025-06-30 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library. | |||||