Total
36573 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31638 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS. This issue affects Spare: from n/a through 1.7. | |||||
| CVE-2025-47477 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.23. | |||||
| CVE-2025-31061 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 2.1.0. | |||||
| CVE-2025-48143 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! allows Reflected XSS. This issue affects Formulario de contacto SalesUp!: from n/a through 1.0.14. | |||||
| CVE-2025-47487 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1. | |||||
| CVE-2025-32305 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit FlatNews allows Reflected XSS. This issue affects FlatNews: from n/a through 5.8. | |||||
| CVE-2025-46041 | 2025-06-12 | N/A | 5.4 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add). | |||||
| CVE-2025-5887 | 2025-06-12 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-39539 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quitenicestuff Soho Hotel allows Reflected XSS. This issue affects Soho Hotel: from n/a through 4.2.5. | |||||
| CVE-2025-49137 | 2025-06-12 | N/A | 8.5 HIGH | ||
| HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in the JSON schema for the site. This content is then rendered in the generated HAX site. Although the application does not allow users to supply a `script` tag, it does allow the use of other HTML tags to run JavaScript. Version 11.0.0 fixes the issue. | |||||
| CVE-2025-48279 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue affects WC MyParcel Belgium: from 4.5.5 through beta. | |||||
| CVE-2025-5886 | 2025-06-12 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-31925 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT allows Reflected XSS. This issue affects SHOUT: from n/a through 3.5.3. | |||||
| CVE-2025-31917 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player allows Reflected XSS. This issue affects Universal Video Player: from n/a through 3.8.3. | |||||
| CVE-2025-5742 | 2025-06-12 | N/A | 5.4 MEDIUM | ||
| CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server | |||||
| CVE-2025-3117 | 2025-06-12 | N/A | 5.4 MEDIUM | ||
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. | |||||
| CVE-2025-23192 | 2025-06-12 | N/A | 8.2 HIGH | ||
| SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability. | |||||
| CVE-2025-3076 | 2025-06-12 | N/A | 6.4 MEDIUM | ||
| The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-4774 | 2025-06-12 | N/A | 6.4 MEDIUM | ||
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-42990 | 2025-06-12 | N/A | 3.0 LOW | ||
| Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted. | |||||