Total
41790 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22792 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jinwen Js O3 Lite allows Reflected XSS.This issue affects Js O3 Lite: from n/a through 1.5.8.2. | |||||
| CVE-2025-43834 | 2025-05-21 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tox82 cookieBAR allows Stored XSS.This issue affects cookieBAR: from n/a through 1.7.0. | |||||
| CVE-2025-39409 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0. | |||||
| CVE-2025-46262 | 2025-05-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress allows Stored XSS.This issue affects Mad Mimi for WordPress: from n/a through 1.5.1. | |||||
| CVE-2025-23983 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tijaji allows Reflected XSS.This issue affects Tijaji: from n/a through 1.43. | |||||
| CVE-2025-39392 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPAMS allows Reflected XSS.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | |||||
| CVE-2025-22790 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS.This issue affects moseter: from n/a through 1.3.1. | |||||
| CVE-2025-39393 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla Hospital Management System allows Reflected XSS.This issue affects Hospital Management System: from n/a through 47.0 (20-11-2023). | |||||
| CVE-2025-39369 | 2025-05-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sihibbs Posts for Page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through 2.1. | |||||
| CVE-2025-22791 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twh offset writing allows Reflected XSS.This issue affects offset writing: from n/a through 1.2. | |||||
| CVE-2025-23981 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takimi Themes CarZine allows Reflected XSS.This issue affects CarZine: from n/a through 1.4.6. | |||||
| CVE-2025-43841 | 2025-05-21 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jamesdbruner WP Vegas allows Stored XSS.This issue affects WP Vegas: from n/a through 2.2. | |||||
| CVE-2025-39372 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elbisnero WordPress Events Calendar Registration & Tickets allows Reflected XSS.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0. | |||||
| CVE-2025-23979 | 2025-05-21 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duwasai Flashy allows Reflected XSS.This issue affects Flashy: from n/a through 1.2.1. | |||||
| CVE-2025-4996 | 2025-05-21 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-48203 | 2025-05-21 | N/A | 6.4 MEDIUM | ||
| The cs_seo extension through 9.2.0 for TYPO3 allows XSS. | |||||
| CVE-2025-3781 | 2025-05-21 | N/A | 6.4 MEDIUM | ||
| The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raisely_donation_form shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-4217 | 2025-05-21 | N/A | 6.4 MEDIUM | ||
| The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_youtube' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-3750 | 2025-05-21 | N/A | 6.4 MEDIUM | ||
| The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_height’ parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-4611 | 2025-05-21 | N/A | 6.4 MEDIUM | ||
| The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||