Total
37801 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53320 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from n/a through 1.0.4. | |||||
| CVE-2025-53282 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Thumbnail Editor allows Stored XSS. This issue affects Thumbnail Editor: from n/a through 2.3.3. | |||||
| CVE-2025-53296 | 2025-06-30 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ecoal95 EC Stars Rating allows Stored XSS. This issue affects EC Stars Rating: from n/a through 1.0.11. | |||||
| CVE-2025-52774 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.12.7. | |||||
| CVE-2025-6488 | 2025-06-30 | N/A | 6.4 MEDIUM | ||
| The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-53287 | 2025-06-30 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Cummings Quick Favicon allows Stored XSS. This issue affects Quick Favicon: from n/a through 0.22.8. | |||||
| CVE-2025-53285 | 2025-06-30 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Website Flip Add & Replace Affiliate Links for Amazon allows Stored XSS. This issue affects Add & Replace Affiliate Links for Amazon: from n/a through 1.0.6. | |||||
| CVE-2025-53325 | 2025-06-30 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dilip kumar Beauty Contact Popup Form allows Stored XSS. This issue affects Beauty Contact Popup Form: from n/a through 6.0. | |||||
| CVE-2025-49290 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Reflected XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.4. | |||||
| CVE-2025-53300 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in douglaskarr Podcast Feed Player Widget and Shortcode allows Stored XSS. This issue affects Podcast Feed Player Widget and Shortcode: from n/a through 2.2.0. | |||||
| CVE-2025-47654 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Reflected XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.20. | |||||
| CVE-2025-25173 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook allows Stored XSS. This issue affects FastBook: from n/a through 1.1. | |||||
| CVE-2025-53275 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows DOM-Based XSS. This issue affects Leyka: from n/a through 3.31.9. | |||||
| CVE-2025-53253 | 2025-06-30 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh WP Edit allows Stored XSS. This issue affects WP Edit: from n/a through 4.0.4. | |||||
| CVE-2024-12915 | 2025-06-30 | N/A | 4.6 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS.This issue affects Library Software: before 24.11.02. | |||||
| CVE-2025-53336 | 2025-06-30 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abditsori My Resume Builder allows Stored XSS. This issue affects My Resume Builder: from n/a through 1.0.3. | |||||
| CVE-2025-53093 | 2025-06-30 | N/A | 8.6 HIGH | ||
| TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the DOM by inserting a payload into any allowed attribute of the `<tabber>` tag. Version 3.1.1 contains a patch for the bug. | |||||
| CVE-2025-41439 | 2025-06-30 | N/A | 6.1 MEDIUM | ||
| A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product. | |||||
| CVE-2024-31634 | 1 Xunruicms | 1 Xunruicms | 2025-06-30 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library. | |||||
| CVE-2024-4456 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-06-30 | N/A | 4.1 MEDIUM |
| In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. | |||||