Total
41779 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6732 | 1 Supsystic | 1 Ultimate Maps | 2025-06-02 | N/A | 4.8 MEDIUM |
| The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2023-52069 | 1 Kodcloud | 1 Kodbox | 2025-06-02 | N/A | 5.4 MEDIUM |
| kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter. | |||||
| CVE-2023-49943 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-06-02 | N/A | 5.4 MEDIUM |
| Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | |||||
| CVE-2023-48858 | 1 Abocms | 1 Abo.cms | 2025-06-02 | N/A | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part. | |||||
| CVE-2023-46952 | 1 Abocms | 1 Abo.cms | 2025-06-02 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header. | |||||
| CVE-2023-0769 | 1 Hiweb | 1 Migration Simple | 2025-06-02 | N/A | 6.1 MEDIUM |
| The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | |||||
| CVE-2023-0376 | 1 Themeum | 1 Qubely | 2025-06-02 | N/A | 5.4 MEDIUM |
| The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-21726 | 1 Joomla | 1 Joomla! | 2025-06-02 | N/A | 6.5 MEDIUM |
| Inadequate content filtering leads to XSS vulnerabilities in various components. | |||||
| CVE-2024-28070 | 1 Mitel | 1 Micontact Center Business | 2025-06-02 | N/A | 6.8 MEDIUM |
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access. | |||||
| CVE-2024-26468 | 1 Jstrieb | 1 Url Pages | 2025-06-02 | N/A | 6.1 MEDIUM |
| A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL. | |||||
| CVE-2024-26467 | 1 Tabatkins | 1 Railroad-diagram Generator | 2025-06-02 | N/A | 6.1 MEDIUM |
| A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL. | |||||
| CVE-2025-1647 | | | 2025-06-01 | N/A | 5.6 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0. | |||||
| CVE-2024-22569 | 1 Poscms | 1 Poscms | 2025-05-30 | N/A | 5.4 MEDIUM |
| Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. | |||||
| CVE-2024-6487 | 1 Data443 | 1 Inline Related Posts | 2025-05-30 | N/A | 5.9 MEDIUM |
| The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-6021 | 1 Bharatkambariya | 1 Donation Block For Paypal | 2025-05-30 | N/A | 6.8 MEDIUM |
| The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability | |||||
| CVE-2024-3113 | 1 Devsabbirahmed | 1 Simple Form | 2025-05-30 | N/A | 5.9 MEDIUM |
| The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-34000 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 4.3 MEDIUM |
| ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk. | |||||
| CVE-2024-33998 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 5.4 MEDIUM |
| Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features. | |||||
| CVE-2024-33997 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 6.1 MEDIUM |
| Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation. | |||||
| CVE-2025-4988 | | | 2025-05-30 | N/A | 8.7 HIGH |
| A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
