Total
43489 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22793 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea bold-pagos-en-linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through <= 3.1.4. | |||||
| CVE-2025-22754 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Klein Center Amber amberlink allows Reflected XSS.This issue affects Amber: from n/a through <= 1.4.4. | |||||
| CVE-2025-22711 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affects Image Source Control: from n/a through <= 2.29.0. | |||||
| CVE-2025-22650 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget smartarget-contact-us allows Stored XSS.This issue affects Smartarget: from n/a through <= 1.5.3. | |||||
| CVE-2025-22353 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bvads BVD Easy Gallery Manager bvd-easy-gallery-manager allows Reflected XSS.This issue affects BVD Easy Gallery Manager: from n/a through <= 1.0.6. | |||||
| CVE-2025-22295 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto allows Stored XSS.This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through <= 8.0.6. | |||||
| CVE-2024-49316 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zodiac Akismet htaccess writer akismet-htaccess-writer allows Reflected XSS.This issue affects Akismet htaccess writer: from n/a through <= 1.0.1. | |||||
| CVE-2024-49248 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter ad-inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through <= 2.7.37. | |||||
| CVE-2024-49240 | 1 Agustinberasategui | 1 Ab Categories Search Widget | 2026-04-29 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ajberasategui AB Categories Search Widget ab-categories-search-widget allows Reflected XSS.This issue affects AB Categories Search Widget : from n/a through <= 0.2.5. | |||||
| CVE-2024-49239 | 1 Nikhilvaghela | 1 Add Categories Post Footer | 2026-04-29 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nikhilvaghela Add Categories Post Footer add-categories-post-footer allows Reflected XSS.This issue affects Add Categories Post Footer: from n/a through <= 2.2.2. | |||||
| CVE-2024-49238 | 1 Dh9sb.dx-info | 1 Adif Log Search Widget | 2026-04-29 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emka73 ADIF Log Search Widget adif-log-search-widget allows Reflected XSS.This issue affects ADIF Log Search Widget: from n/a through <= 1.0f. | |||||
| CVE-2024-49230 | 1 Harpreetsingh | 1 Ajax Custom Css\/js | 2026-04-29 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harry005 Ajax Custom CSS/JS ajax-awesome-css allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through <= 2.0.4. | |||||
| CVE-2024-49224 | 1 Maheshpatel | 1 Mitm Bug Tracker | 2026-04-29 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mahesh_9696 Mitm Bug Tracker mitm-bug-tracker allows Reflected XSS.This issue affects Mitm Bug Tracker: from n/a through <= 1.0. | |||||
| CVE-2023-49158 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.This issue affects LadiApp: from n/a through <= 4.4. | |||||
| CVE-2023-47759 | 1 Premio | 1 Chaty | 2026-04-29 | N/A | 5.9 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Chaty chaty allows DOM-Based XSS.This issue affects Chaty: from n/a through <= 3.1.2. | |||||
| CVE-2023-47185 | 1 Gvectors | 1 Wpdiscuz | 2026-04-29 | N/A | 7.1 HIGH |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions. | |||||
| CVE-2023-46783 | 1 Brightplugins | 1 Pre-orders For Woocommerce | 2026-04-29 | N/A | 6.5 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions. | |||||
| CVE-2023-46626 | 1 Flowfact | 1 Flowfact | 2026-04-29 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions. | |||||
| CVE-2010-2536 | 1 Adjam | 1 Rekonq | 2026-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history. | |||||
| CVE-2012-0678 | 1 Apple | 1 Safari | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. | |||||