Total: 36804 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-49333 | | | 2025-06-06 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership allows Stored XSS. This issue affects Simple Membership: from n/a through 4.6.3. | ||||
CVE-2025-31025 | | | 2025-06-06 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects Block allows Stored XSS. This issue affects Image Hover Effects Block: from n/a through 1.4.5. | ||||
CVE-2025-30941 | | | 2025-06-06 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marvie Pons Pinterest Verify Meta Tag allows Stored XSS. This issue affects Pinterest Verify Meta Tag: from n/a through 1.3. | ||||
CVE-2025-30940 | | | 2025-06-06 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in melipayamak Melipayamak allows Stored XSS. This issue affects Melipayamak: from n/a through 2.2.12. | ||||
CVE-2025-30939 | | | 2025-06-06 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debashish IFrame Widget allows Stored XSS. This issue affects IFrame Widget: from n/a through 4.1. | ||||
CVE-2025-30938 | | | 2025-06-06 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in broadly Broadly for WordPress allows Stored XSS. This issue affects Broadly for WordPress: from n/a through 3.0.2. | ||||
CVE-2025-30634 | | | 2025-06-06 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IWEBIX WP Featured Content Slider allows Stored XSS. This issue affects WP Featured Content Slider: from n/a through 2.6. | ||||
CVE-2025-49068 | | | 2025-06-06 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS. This issue affects Ocean Extra: from n/a through 2.4.8. | ||||
CVE-2025-30630 | | | 2025-06-06 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pozzad Global Translator allows Stored XSS. This issue affects Global Translator: from n/a through 2.0.2. | ||||
CVE-2025-30627 | | | 2025-06-06 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regolithsjk Elegant Visitor Counter allows Stored XSS. This issue affects Elegant Visitor Counter: from n/a through 3.1. | ||||
CVE-2025-30625 | | | 2025-06-06 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Pramschufer AppBanners allows Stored XSS. This issue affects AppBanners: from n/a through 1.5.14. | ||||
CVE-2025-49074 | | | 2025-06-06 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemesGrove WidgetKit allows Stored XSS. This issue affects WidgetKit: from n/a through 2.5.4. | ||||
CVE-2025-49075 | | | 2025-06-06 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Stored XSS. This issue affects Wishlist: from n/a through 1.0.43. | ||||
CVE-2025-49076 | | | 2025-06-06 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.2.7. | ||||
CVE-2024-50857 | 1 Gestioip | 1 Gestioip | 2025-06-06 | 4.8 Medium |
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully. | ||||
CVE-2024-50859 | 1 Gestioip | 1 Gestioip | 2025-06-06 | 4.8 Medium |
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data. | ||||
CVE-2024-50861 | 1 Gestioip | 1 Gestioip | 2025-06-06 | 6.1 Medium |
The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks. | ||||
CVE-2025-5628 | 1 Remyandrade | 1 Food Menu Manager | 2025-06-06 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-30991 | | | 2025-06-06 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Premium Packages allows Stored XSS. This issue affects Premium Packages: from n/a through 6.0.2. | ||||
CVE-2024-8008 | | | 2025-06-06 | 5.2 Medium |
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page. This vulnerability may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, since all session-related sensitive cookies are protected with the httpOnly flag, session hijacking is not possible. |