Total
36937 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7228 | 1 Evanliewer | 1 Illi Link Party\! | 2025-05-28 | N/A | 6.1 MEDIUM |
| The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters, which could allow unauthenticated vistors to perform Cross-Site Scripting attacks. | |||||
| CVE-2023-49225 | 1 Ruckuswireless | 74 C110, C110 Firmware, E510 and 71 more | 2025-05-28 | N/A | 6.1 MEDIUM |
| A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. | |||||
| CVE-2022-40029 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-05-28 | N/A | 4.8 MEDIUM |
| SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | |||||
| CVE-2022-40028 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-05-28 | N/A | 4.8 MEDIUM |
| SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter. | |||||
| CVE-2022-40027 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-05-28 | N/A | 6.1 MEDIUM |
| SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter. | |||||
| CVE-2022-30578 | 1 Tibco | 1 Ebx Add-ons | 2025-05-28 | N/A | 8.0 HIGH |
| The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below. | |||||
| CVE-2025-47931 | 1 Librenms | 1 Librenms | 2025-05-28 | N/A | 6.1 MEDIUM |
| LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue. | |||||
| CVE-2025-4939 | 1 Phpgurukul | 1 Credit Card Application Management System | 2025-05-28 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in PHPGurukul Credit Card Application Management System 1.0. This vulnerability affects unknown code of the file /admin/new-ccapplication.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-51106 | 1 Anujk305 | 1 Medical Card Generation System | 2025-05-28 | N/A | 4.6 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter. | |||||
| CVE-2024-3669 | 1 Salephpscripts | 1 Web Directory Free | 2025-05-28 | N/A | 6.8 MEDIUM |
| The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2024-4096 | 1 Wpdarko | 1 Responsive Tabs | 2025-05-28 | N/A | 5.9 MEDIUM |
| The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-5809 | 1 Masdiblogs | 1 Wp Ajax Contact Form | 2025-05-28 | N/A | 6.1 MEDIUM |
| The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users | |||||
| CVE-2024-6884 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-27 | N/A | 5.4 MEDIUM |
| The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-32174 | 1 Gogs | 1 Gogs | 2025-05-27 | N/A | 9.0 CRITICAL |
| In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | |||||
| CVE-2024-6158 | 2 Tiptoppress, Zephyrwest | 2 Term And Category Based Posts Widget, Category Posts Widget | 2025-05-27 | N/A | 4.8 MEDIUM |
| The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-6843 | 1 Webdigit | 1 Chatbot With Chatgpt | 2025-05-27 | N/A | 6.1 MEDIUM |
| The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins | |||||
| CVE-2022-28979 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-27 | N/A | 6.1 MEDIUM |
| Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field. | |||||
| CVE-2023-7230 | 1 Evanliewer | 1 Illi Link Party\! | 2025-05-27 | N/A | 6.1 MEDIUM |
| The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks. | |||||
| CVE-2024-6718 | 1 Freebiesdownload | 1 Pvn Auth Popup | 2025-05-27 | N/A | 5.4 MEDIUM |
| The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-8095 | 1 Ryanchristenson | 1 Babeiz | 2025-05-27 | N/A | 6.1 MEDIUM |
| The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||