Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 42647 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-23679 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flourish Pixel FP RSS Category Excluder fp-rss-category-excluder allows Reflected XSS.This issue affects FP RSS Category Excluder: from n/a through <= 1.0.0.
CVE-2025-23678 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Imranur Rahman LocalGrid localgrid allows Reflected XSS.This issue affects LocalGrid: from n/a through <= 1.0.1.
CVE-2025-23676 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH Email lh-email allows Reflected XSS.This issue affects LH Email: from n/a through <= 1.12.
CVE-2025-23674 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andygauk Bit.ly linker bitly-linker allows Reflected XSS.This issue affects Bit.ly linker: from n/a through <= 1.1.
CVE-2025-23672 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tenteeglobal Instant Appointment instant-appointment allows Reflected XSS.This issue affects Instant Appointment: from n/a through <= 1.2.
CVE-2025-23671 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sav WP OpenSearch wp-opensearch allows Stored XSS.This issue affects WP OpenSearch: from n/a through <= 1.0.
CVE-2025-23670 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in montashov 4 author cheer up donate 4-author-cheer-up-donate allows Reflected XSS.This issue affects 4 author cheer up donate: from n/a through <= 1.3.
CVE-2025-23669 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nurul Amin WP Smart Tooltip wp-smart-tool-tip allows Stored XSS.This issue affects WP Smart Tooltip: from n/a through <= 1.0.0.
CVE-2025-23668 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mauricio Urrego ChatGPT Open AI Images & Content for WooCommerce glasses-for-woocommerce allows Reflected XSS.This issue affects ChatGPT Open AI Images & Content for WooCommerce: from n/a through <= 2.2.0.
CVE-2025-23667 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christopher Churchill custom-post-edit front-end-post-edit allows Reflected XSS.This issue affects custom-post-edit: from n/a through <= 1.0.4.
CVE-2025-23666 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cxc-sawa Management-screen-droptiles cxc-sawa allows Reflected XSS.This issue affects Management-screen-droptiles: from n/a through <= 1.0.
CVE-2026-30562 1 Ahsanriaz26gmailcom 1 Sales And Inventory System 2026-04-01 N/A 9.3 CRITICAL
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2025-23663 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Vaquez Contexto contexto allows Reflected XSS.This issue affects Contexto: from n/a through <= 1.0.
CVE-2025-23658 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS.This issue affects Advanced Angular Contact Form: from n/a through <= 1.1.0.
CVE-2025-23657 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RusAlex WordPress-to-candidate for Salesforce CRM salesforce-wordpress-to-candidate allows Reflected XSS.This issue affects WordPress-to-candidate for Salesforce CRM: from n/a through <= 1.0.1.
CVE-2025-23655 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crystalwebpro Contact Form 7 – Paystack Add-on cf7-paystack-add-on allows Reflected XSS.This issue affects Contact Form 7 – Paystack Add-on: from n/a through <= 1.2.3.
CVE-2025-23653 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabeel Tahir Form To Online Booking cf7-calendly-integration allows Reflected XSS.This issue affects Form To Online Booking: from n/a through <= 1.0.
CVE-2025-23652 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS.This issue affects Add custom content after post: from n/a through <= 1.0.
CVE-2025-23651 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Scroll Top scroll-to-top-builder allows Reflected XSS.This issue affects Scroll Top: from n/a through <= 1.3.3.
CVE-2025-23650 2026-04-01 N/A N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp Tidy.ro tidyro allows Reflected XSS.This issue affects Tidy.ro: from n/a through <= 1.3.