Total
39595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58212 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1. | |||||
| CVE-2025-48305 | 2025-08-29 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through 0.4.6. | |||||
| CVE-2025-8073 | 2025-08-29 | N/A | 6.4 MEDIUM | ||
| The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-9352 | 2025-08-29 | N/A | 5.4 MEDIUM | ||
| The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-48319 | 2025-08-29 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gslauraspeck Mesa Mesa Reservation Widget allows Stored XSS. This issue affects Mesa Mesa Reservation Widget: from n/a through 1.0.0. | |||||
| CVE-2025-48354 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor allows Stored XSS. This issue affects Better Post & Filter Widgets for Elementor: from n/a through 1.6.0. | |||||
| CVE-2025-58194 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.3. | |||||
| CVE-2025-48360 | 2025-08-29 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Stored XSS. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3. | |||||
| CVE-2025-20296 | 2025-08-29 | N/A | 5.4 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must be a member of the Administrator or AAA Administrator role. | |||||
| CVE-2025-58208 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder allows Stored XSS. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 6.2.0. | |||||
| CVE-2025-8897 | 2025-08-29 | N/A | 6.1 MEDIUM | ||
| The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘'fl_builder' parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2025-48352 | 2025-08-29 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sitesearch-yandex Yandex Site search pinger allows Stored XSS. This issue affects Yandex Site search pinger: from n/a through 1.5. | |||||
| CVE-2025-48324 | 2025-08-29 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in khashabawy tli.tl auto Twitter poster allows Stored XSS. This issue affects tli.tl auto Twitter poster: from n/a through 3.4. | |||||
| CVE-2025-58209 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtCamp Transcoder allows Stored XSS. This issue affects Transcoder: from n/a through 1.4.0. | |||||
| CVE-2025-58195 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.17. | |||||
| CVE-2025-48347 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Mimoun-Prat bxSlider integration for WordPress allows Stored XSS. This issue affects bxSlider integration for WordPress: from n/a through 1.7.2. | |||||
| CVE-2025-48349 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in origincode Video Gallery – Vimeo and YouTube Gallery allows Stored XSS. This issue affects Video Gallery – Vimeo and YouTube Gallery: from n/a through 1.1.7. | |||||
| CVE-2025-58213 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ameliabooking Booking System Trafft allows Stored XSS. This issue affects Booking System Trafft: from n/a through 1.0.14. | |||||
| CVE-2025-58196 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements allows Stored XSS. This issue affects UiCore Elements: from n/a through 1.3.4. | |||||
| CVE-2025-58197 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mra13 / Team Tips and Tricks HQ Simple Download Monitor allows Stored XSS. This issue affects Simple Download Monitor: from n/a through 3.9.34. | |||||