Total
44576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5800 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-5797 | 1 Code-projects | 1 Simple Laundry System | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5796 | 1 Code-projects | 1 Simple Laundry System | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5770 | 1 Wso2 | 3 Api Control Plane, Api Manager, Identity Server | 2026-06-17 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling browser-based attacks. Exploitation may result in redirection to malicious websites, UI manipulation, or unauthorized data access from the victim’s browser. However, session-related cookies are protected with the httpOnly flag, which mitigates session hijacking via this vector. | |||||
| CVE-2025-5767 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 3.1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-5765 | 1 Code-projects | 1 Simple Laundry System | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5764 | 1 Code-projects | 1 Simple Laundry System | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulation of the argument Customer leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5757 | 1 Carmelo | 1 Traffic Offense Reporting System | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/address/gender/officer_reporting/offence leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5754 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-5753 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| The Valuation Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-5752 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-5742 | 2026-06-17 | N/A | 5.4 MEDIUM | ||
| CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server | |||||
| CVE-2025-5730 | 1 Ghozylab | 1 Contact Form | 2026-06-17 | N/A | 4.3 MEDIUM |
| The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2025-5727 | 1 Razormist | 1 Student Result Management System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5726 | 1 Razormist | 1 Student Result Management System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5725 | 1 Munyweki | 1 Student Result Management System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5724 | 1 Munyweki | 1 Student Result Management System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5723 | 1 Munyweki | 1 Student Result Management System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5722 | 1 Munyweki | 1 Student Result Management System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5721 | 1 Razormist | 1 Student Result Management System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||