Total: 37044 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33332 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_portlet_PortletConfigurationCSSPortlet_portletResource parameter. | |||||
CVE-2024-13225 | 1 Etemplates | 1 Ect Home Page Products | 2025-05-13 | N/A | 6.1 MEDIUM |
The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-13222 | 1 Marvinlabs | 1 User Messages | 2025-05-13 | N/A | 6.1 MEDIUM |
The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-12275 | 1 Canvasflow | 1 Canvasflow | 2025-05-13 | N/A | 6.1 MEDIUM |
The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2024-5002 | 1 Plugin-planet | 1 User Submitted Posts | 2025-05-13 | N/A | 4.8 MEDIUM |
The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-5151 | 1 Toolstack | 1 Sully | 2025-05-13 | N/A | 7.1 HIGH |
The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-5442 | 1 Imagely | 1 Nextgen Gallery | 2025-05-13 | N/A | 5.9 MEDIUM |
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-5472 | 1 Holoborodko | 1 Wp Quicklatex | 2025-05-13 | N/A | 7.1 HIGH |
The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-5575 | 1 Metaphorcreations | 1 Ditty | 2025-05-13 | N/A | 4.7 MEDIUM |
The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2024-29812 | 1 Wpdeveloper | 1 Reviewx | 2025-05-13 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22. | |||||
CVE-2024-29811 | 1 Softlabbd | 1 Radio Player | 2025-05-13 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS. This issue affects Radio Player: from n/a through 2.0.73. | |||||
CVE-2024-29807 | 1 Dearhive | 1 Dearflip | 2025-05-13 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS. This issue affects DearFlip: from n/a through 2.2.26. | |||||
CVE-2024-29806 | 1 Reservationdiary | 1 Redi Restaurant Reservation | 2025-05-13 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. | |||||
CVE-2024-29805 | 1 Shopup | 1 Shipping With Venipak For Woocommerce | 2025-05-13 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS. This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5. | |||||
CVE-2024-5627 | 1 Tournamatch | 1 Tournamatch | 2025-05-13 | N/A | 5.4 MEDIUM |
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks. | |||||
CVE-2024-5644 | 1 Tournamatch | 1 Tournamatch | 2025-05-13 | N/A | 5.4 MEDIUM |
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-29804 | 1 Heateor | 1 Fancy Comments | 2025-05-13 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS. This issue affects Fancy Comments WordPress: from n/a through 1.2.14. | |||||
CVE-2024-6938 | 1 B3log | 1 Siyuan | 2025-05-13 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271993 was assigned to this vulnerability. | |||||
CVE-2025-22142 | 1 Namelessmc | 1 Nameless | 2025-05-13 | N/A | 5.4 MEDIUM |
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff panel. As a result an attacker can execute javascript code on the staffer's computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2022-42202 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2025-05-13 | N/A | 6.1 MEDIUM |
TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). |