Total
41072 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62125 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Gangrade Custom Background Changer custom-background-changer allows Stored XSS.This issue affects Custom Background Changer: from n/a through 3.0. | ||||
| CVE-2025-8460 | 1 Centreon | 1 Centreon | 2026-01-05 | 6.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4. | ||||
| CVE-2025-54890 | 1 Centreon | 1 Centreon | 2026-01-05 | 6.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29. | ||||
| CVE-2025-49355 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ikaes Accessibility Press allows Stored XSS.This issue affects Accessibility Press: from n/a through 1.0.2. | ||||
| CVE-2025-23608 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omar Mohamed Mohamoud LIVE TV allows Reflected XSS.This issue affects LIVE TV: from n/a through 1.2. | ||||
| CVE-2025-59135 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5. | ||||
| CVE-2025-62989 | 2 Boxystudio, Wordpress | 2 Cooked, Wordpress | 2026-01-05 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boxy Studio Cooked allows Stored XSS.This issue affects Cooked: from n/a through 1.11.2. | ||||
| CVE-2025-49337 | 2 Janhenckens, Wordpress | 2 Dashboard Beacon, Wordpress | 2026-01-05 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janhenckens Dashboard Beacon allows Stored XSS.This issue affects Dashboard Beacon: from n/a through 1.2.0. | ||||
| CVE-2025-63021 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetipi Valenti Engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through 1.0.3. | ||||
| CVE-2025-53235 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osuthorpe Easy Social allows Reflected XSS.This issue affects Easy Social: from n/a through 1.3. | ||||
| CVE-2025-23667 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christopher Churchill allows Reflected XSS.This issue affects custom-post-edit: from n/a through 1.0.4. | ||||
| CVE-2025-23757 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proloy Chakroborty ZD Scribd iPaper allows Reflected XSS.This issue affects ZD Scribd iPaper: from n/a through 1.0. | ||||
| CVE-2025-50053 | 3 Google, Nebelhorn, Wordpress | 3 Android, Blappsta Mobile App Plugin, Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin & Your native, mobile iPhone App and Android App allows Reflected XSS.This issue affects Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App: from n/a through 0.8.8.8. | ||||
| CVE-2021-47725 | 1 Stvs | 1 Provision | 2026-01-05 | 5.4 Medium |
| STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the affected site. | ||||
| CVE-2025-52739 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-23705 | 2 Terry Zielke, Wordpress | 2 Zielke Design Project Gallery, Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Zielke Zielke Design Project Gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through 2.5.0. | ||||
| CVE-2025-23719 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zckevin ZhinaTwitterWidget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through 1.0. | ||||
| CVE-2025-47566 | 2 Digitalzoomstudio, Wordpress | 3 Dzs-zoomsounds, Zoomsounds, Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91. | ||||
| CVE-2025-23707 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matamko En Masse allows Reflected XSS.This issue affects En Masse: from n/a through 1.0. | ||||
| CVE-2021-47743 | 1 Commax | 1 Biometric Access Control System | 2026-01-05 | 6.1 Medium |
| COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject malicious HTML and JavaScript code into these cookie values to execute arbitrary scripts in a victim's browser session. | ||||