Total
37196 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4469 | 1 Senior-walter | 1 Online Student Clearance System | 2025-05-16 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-34021 | 1 Resiot | 1 Iot Platform And Lorawan Network Server | 2025-05-16 | N/A | 5.4 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. | |||||
| CVE-2025-22466 | 1 Ivanti | 1 Endpoint Manager | 2025-05-16 | N/A | 8.2 HIGH |
| Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | |||||
| CVE-2025-22465 | 1 Ivanti | 1 Endpoint Manager | 2025-05-16 | N/A | 6.1 MEDIUM |
| Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required. | |||||
| CVE-2024-5744 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-16 | N/A | 6.8 MEDIUM |
| The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | |||||
| CVE-2024-6070 | 1 If-so | 1 If-so | 2025-05-16 | N/A | 4.8 MEDIUM |
| The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-5604 | 1 Bug Library Project | 1 Bug Library | 2025-05-16 | N/A | 5.9 MEDIUM |
| The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-25438 | 1 Public Knowledge Project | 1 Open Journal Systems | 2025-05-15 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function. | |||||
| CVE-2024-27734 | 1 Cszcms | 1 Csz Cms | 2025-05-15 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component. | |||||
| CVE-2024-13628 | 1 Codecabin | 1 Wp Pricing Table | 2025-05-15 | N/A | 6.1 MEDIUM |
| The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13624 | 1 Caercam | 1 Wpmovielibrary | 2025-05-15 | N/A | 7.1 HIGH |
| The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13571 | 1 Agilelogix | 1 Post Timeline | 2025-05-15 | N/A | 7.1 HIGH |
| The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-13113 | 1 Flickdevs | 1 Countdown Timer For Elementor | 2025-05-15 | N/A | 5.9 MEDIUM |
| The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. | |||||
| CVE-2024-12878 | 1 Thedevoice | 1 Lazy Blocks | 2025-05-15 | N/A | 7.1 HIGH |
| The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-10483 | 1 Simplepress | 1 Simplepress | 2025-05-15 | N/A | 7.1 HIGH |
| The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2024-10152 | 1 Elementengage | 1 Simple Certain Time To Show Content | 2025-05-15 | N/A | 7.1 HIGH |
| The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2024-10545 | 1 Imagely | 1 Nextgen Gallery | 2025-05-15 | N/A | 3.5 LOW |
| The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-12173 | 1 Averta | 1 Master Slider | 2025-05-15 | N/A | 3.5 LOW |
| The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-24494 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-05-15 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components. | |||||
| CVE-2024-24397 | 1 Stimulsoft | 1 Dashboards.js | 2025-05-15 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field. | |||||