Total
41753 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5796 | 1 Code-projects | 1 Simple Laundry System | 2025-06-12 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5797 | 1 Code-projects | 1 Simple Laundry System | 2025-06-12 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3581 | 1 Thenewsletterplugin | 1 Newsletter | 2025-06-12 | N/A | 4.8 MEDIUM |
| The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-4652 | 1 Broadstreetads | 1 Broadstreet | 2025-06-12 | N/A | 6.1 MEDIUM |
| The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2025-31426 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Sticky Radio Player allows Reflected XSS. This issue affects Sticky Radio Player: from n/a through 3.4. | |||||
| CVE-2025-31057 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player allows Reflected XSS. This issue affects Universal Video Player: from n/a through 1.4.0. | |||||
| CVE-2025-47598 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 allows Stored XSS. This issue affects History Log by click5: from n/a through 1.0.13. | |||||
| CVE-2025-48143 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! allows Reflected XSS. This issue affects Formulario de contacto SalesUp!: from n/a through 1.0.14. | |||||
| CVE-2025-48279 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue affects WC MyParcel Belgium: from 4.5.5 through beta. | |||||
| CVE-2025-47477 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.23. | |||||
| CVE-2025-31061 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 2.1.0. | |||||
| CVE-2025-49130 | 2025-06-12 | N/A | N/A | ||
| Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8. | |||||
| CVE-2025-31917 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player allows Reflected XSS. This issue affects Universal Video Player: from n/a through 3.8.3. | |||||
| CVE-2025-39539 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quitenicestuff Soho Hotel allows Reflected XSS. This issue affects Soho Hotel: from n/a through 4.2.5. | |||||
| CVE-2025-47487 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1. | |||||
| CVE-2025-31638 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS. This issue affects Spare: from n/a through 1.7. | |||||
| CVE-2025-31058 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player allows Reflected XSS. This issue affects Revolution Video Player: from n/a through 2.9.2. | |||||
| CVE-2025-32305 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit FlatNews allows Reflected XSS. This issue affects FlatNews: from n/a through 5.8. | |||||
| CVE-2025-31925 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT allows Reflected XSS. This issue affects SHOUT: from n/a through 3.5.3. | |||||
| CVE-2025-42990 | 2025-06-12 | N/A | 3.0 LOW | ||
| Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted. | |||||