Total
37612 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54959 | 1 Nagios | 1 Nagios Xi | 2025-07-01 | 6.1 Medium |
| Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS). | ||||
| CVE-2024-54958 | 1 Nagios | 1 Nagios Xi | 2025-07-01 | 6.1 Medium |
| Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page. | ||||
| CVE-2024-30192 | 1 Gsplugins | 1 Gs Pinterest Portfolio | 2025-07-01 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2. | ||||
| CVE-2022-36350 | 1 Pukiwiki | 1 Pukiwiki | 2025-06-30 | 6.1 Medium |
| Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2025-53121 | 2025-06-30 | N/A | ||
| Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon 33.1.6, 33.1.7 or Meridian 2024.2.6, 2024.2.7 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Fábio Tomé for reporting this issue. | ||||
| CVE-2025-28956 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp allows Reflected XSS. This issue affects Backwp: from n/a through 2.0.2. | ||||
| CVE-2025-31428 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8. | ||||
| CVE-2025-47654 | 2025-06-30 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Reflected XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.20. | ||||
| CVE-2025-53301 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Junkie Theme Junkie Team Content allows DOM-Based XSS. This issue affects Theme Junkie Team Content: from n/a through 0.1.1. | ||||
| CVE-2025-53292 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in samsk WP DataTable allows DOM-Based XSS. This issue affects WP DataTable: from n/a through 0.2.7. | ||||
| CVE-2025-53287 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Cummings Quick Favicon allows Stored XSS. This issue affects Quick Favicon: from n/a through 0.22.8. | ||||
| CVE-2025-53282 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Thumbnail Editor allows Stored XSS. This issue affects Thumbnail Editor: from n/a through 2.3.3. | ||||
| CVE-2025-53278 | 2 Wordpress, Wpeka | 2 Wordpress, Wp Adcenter | 2025-06-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.6.0. | ||||
| CVE-2025-53275 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows DOM-Based XSS. This issue affects Leyka: from n/a through 3.31.9. | ||||
| CVE-2025-53253 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh WP Edit allows Stored XSS. This issue affects WP Edit: from n/a through 4.0.4. | ||||
| CVE-2025-4587 | 2025-06-30 | 6.4 Medium | ||
| The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-39488 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne allows Reflected XSS. This issue affects MagOne: from n/a through 8.5. | ||||
| CVE-2025-53294 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda allows Stored XSS. This issue affects Smart Agenda: from n/a through 4.9. | ||||
| CVE-2025-53290 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MS WP Visual Sitemap allows Stored XSS. This issue affects WP Visual Sitemap: from n/a through 1.0.2. | ||||
| CVE-2025-53280 | 1 Wordpress | 1 Wordpress | 2025-06-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.5. | ||||