Total
42026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3561 | 1 Librenms | 1 Librenms | 2025-04-29 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||||
| CVE-2021-31739 | 1 Seppmail | 1 Seppmail | 2025-04-29 | N/A | 6.1 MEDIUM |
| The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address. | |||||
| CVE-2024-13207 | 1 Patelmilap | 1 Widget For Social Page Feeds | 2025-04-29 | N/A | 4.8 MEDIUM |
| The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13610 | 1 Wpbrigade | 1 Simple Social Buttons | 2025-04-29 | N/A | 4.8 MEDIUM |
| The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-3081 | 1 Easycorp | 1 Easyadmin | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. The attack can be launched remotely. Upgrading to version 4.8.10 is able to address this issue. The identifier of the patch is 127436e4c3f56276d548070f99e61b7234200a11. It is recommended to upgrade the affected component. The identifier VDB-258613 was assigned to this vulnerability. | |||||
| CVE-2025-2279 | 1 Robosoft | 1 Maps | 2025-04-29 | N/A | 5.9 MEDIUM |
| The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-11924 | 1 Icegram | 1 Icegram Express | 2025-04-29 | N/A | 3.5 LOW |
| The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-1523 | 1 Davidvongries | 1 Ultimate Dashboard | 2025-04-29 | N/A | 3.5 LOW |
| The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-46239 | 1 Plugin-planet | 1 Theme Switcha | 2025-04-29 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4. | |||||
| CVE-2025-46240 | 1 Plugin-planet | 1 Simple Download Counter | 2025-04-29 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2. | |||||
| CVE-2024-55279 | 1 Uguu | 1 Uguu | 2025-04-29 | N/A | 6.0 MEDIUM |
| Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files. | |||||
| CVE-2024-11503 | 1 Shapedplugin | 1 Wp Tabs | 2025-04-29 | N/A | 6.1 MEDIUM |
| The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-12769 | 1 Simple Banner Project | 1 Simple Banner | 2025-04-29 | N/A | 3.5 LOW |
| The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13863 | 1 Wppluginbox | 1 Stylish Google Sheet Reader | 2025-04-29 | N/A | 7.1 HIGH |
| The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2025-25916 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | N/A | 5.4 MEDIUM |
| wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. | |||||
| CVE-2022-45015 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field. | |||||
| CVE-2022-45014 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field. | |||||
| CVE-2022-45013 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. | |||||
| CVE-2022-45012 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field. | |||||
| CVE-2022-44787 | 1 Maggioli | 1 Appalti \& Contratti | 2025-04-29 | N/A | 6.1 MEDIUM |
| An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page. As an example, the onmouseenter attribute is not sanitized. | |||||