Total
40867 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53459 | 1 Sysax | 1 Multi Server | 2025-09-24 | 6.1 Medium |
| Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. | ||||
| CVE-2024-13199 | 1 Mtons | 1 Mblog | 2025-09-24 | 3.5 Low |
| A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8902 | 2025-09-24 | 6.4 Medium | ||
| The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'do_sidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-58915 | 2 Emarket-design, Wordpress | 2 Youtube Showcase, Wordpress | 2025-09-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase youtube-showcase allows Stored XSS.This issue affects YouTube Showcase: from n/a through 3.5.0. | ||||
| CVE-2025-50859 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | 6.1 Medium |
| Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter. | ||||
| CVE-2025-50858 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | 6.1 Medium |
| Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter. | ||||
| CVE-2023-3726 | 1 Ocsinventory-ng | 1 Ocsinventory-ocsreports | 2025-09-24 | 6.9 Medium |
| OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. | ||||
| CVE-2025-57959 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmatsuur Slightly troublesome permalink allows Stored XSS. This issue affects Slightly troublesome permalink: from n/a through 1.2.0. | ||||
| CVE-2023-2507 | 1 Clevertap | 1 Clevertap | 2025-09-24 | 9.3 Critical |
| CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them. | ||||
| CVE-2025-57956 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12. | ||||
| CVE-2025-57954 | 2 Ays-pro, Wordpress | 2 Poll Maker, Wordpress | 2025-09-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through 6.0.1. | ||||
| CVE-2025-57953 | 2 100plugins, Wordpress | 2 Open User Map, Wordpress | 2025-09-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 100plugins Open User Map allows DOM-Based XSS. This issue affects Open User Map: from n/a through 1.4.14. | ||||
| CVE-2025-57952 | 2 Icopydoc, Wordpress | 2 Maps For Wp, Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.5. | ||||
| CVE-2025-57951 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ken107 SiteNarrator Text-to-Speech Widget allows Stored XSS. This issue affects SiteNarrator Text-to-Speech Widget: from n/a through 1.9. | ||||
| CVE-2025-57950 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Glen Scott Plugin Security Scanner allows Stored XSS. This issue affects Plugin Security Scanner: from n/a through 2.0.2. | ||||
| CVE-2025-57941 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JonathanMH Append Link on Copy allows Stored XSS. This issue affects Append Link on Copy: from n/a through 0.2. | ||||
| CVE-2025-57940 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh Kumar Mukhiya Append extensions on Pages allows Stored XSS. This issue affects Append extensions on Pages: from n/a through 1.1.2. | ||||
| CVE-2025-57929 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kanwei_doublethedonation Double the Donation allows Stored XSS. This issue affects Double the Donation: from n/a through 2.0.0. | ||||
| CVE-2025-57926 | 2 Wordpress, Wpchill | 2 Wordpress, Passster | 2025-09-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Passster allows Stored XSS. This issue affects Passster: from n/a through 4.2.18. | ||||
| CVE-2025-53504 | 2 Group-office, Intermesh | 2 Group Office, Group-office | 2025-09-24 | N/A |
| Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser. | ||||