Total: 328 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-39344 | | | 2026-04-07 | N/A | 8.1 HIGH |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting (XSS) vulnerability on the login page, which is caused by the lack of sanitization or encoding of the username parameter received from the URL. The username parameter value is directly displayed in the login page input element without filtering, allowing attackers to insert malicious JavaScript. If successful, the script can be executed on the client side, potentially stealing sensitive data such as session cookies or replacing the display to show the attacker's login form. This vulnerability is fixed in 7.1.0. | |||||
| CVE-2026-35460 | | | 2026-04-07 | N/A | 4.3 MEDIUM |
| Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected into the verification and password reset email bodies. Since emails are sent from the legitimate domain (e.g., auth@mail.papra.app), this enables convincing phishing attacks that appear to originate from official Papra notifications. This vulnerability is fixed in 26.4.0. | |||||
| CVE-2025-66486 | 1 Ibm | 1 Aspera Shares | 2026-04-03 | N/A | 4.8 MEDIUM |
| IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2025-60100 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection. This issue affects XStore: from n/a through < 9.6. | |||||
| CVE-2025-59573 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CozyThemes Cozy Blocks cozy-addons allows Code Injection. This issue affects Cozy Blocks: from n/a through <= 2.1.29. | |||||
| CVE-2025-57928 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Code Injection. This issue affects AWP Classifieds: from n/a through <= 4.4.3. | |||||
| CVE-2025-54698 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection. This issue affects Classified Listing: from n/a through <= 5.0.0. | |||||
| CVE-2025-39524 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in bPlugins Html5 Audio Player html5-audio-player allows Stored XSS. This issue affects Html5 Audio Player: from n/a through <= 2.2.28. | |||||
| CVE-2025-32230 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS tutor. This issue affects Tutor LMS: from n/a through <= 3.4.0. | |||||
| CVE-2025-31604 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Cal.com Cal.com cal-com allows Stored XSS. This issue affects Cal.com: from n/a through <= 1.0.0. | |||||
| CVE-2025-31575 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons language-icons-flags-switcher allows Stored XSS. This issue affects Flag Icons: from n/a through <= 2.2. | |||||
| CVE-2025-31075 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments paid-membership allows Stored XSS. This issue affects MicroPayments: from n/a through <= 2.9.29. | |||||
| CVE-2025-27358 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Code Injection. This issue affects Frontend File Manager: from n/a through <= 23.6. | |||||
| CVE-2025-24680 | 1 Wpexperts | 1 Wp Multi Store Locator | 2026-04-01 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Reflected XSS. This issue affects WP Multistore Locator: from n/a through <= 2.4.7. | |||||
| CVE-2025-24678 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in listamester Listamester listamester allows Stored XSS. This issue affects Listamester: from n/a through <= 2.3.4. | |||||
| CVE-2025-24673 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS. This issue affects Ketchup Shortcodes: from n/a through <= 0.1.2. | |||||
| CVE-2025-23919 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella Van Durpe Slides & Presentations slide allows Code Injection. This issue affects Slides & Presentations: from n/a through <= 0.0.39. | |||||
| CVE-2025-22501 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City improve-my-city allows Reflected XSS. This issue affects Improve My City: from n/a through <= 1.6. | |||||
| CVE-2024-54223 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2026-04-01 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in reputeinfosystems ARForms Form Builder arforms-form-builder allows Code Injection. This issue affects ARForms Form Builder: from n/a through <= 1.7.1. | |||||
| CVE-2024-51689 | | | 2026-04-01 | N/A | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows Reflected XSS. This issue affects CF7 WOW Styler: from n/a through <= 1.6.8. | |||||
