Total
32689 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-56923 | 2025-01-23 | 5.4 Medium | ||
Stored Cross-Site Scripting (XSS) in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription. | ||||
CVE-2024-50514 | 1 Ninjaforms | 1 Ninja Forms | 2025-01-23 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16. | ||||
CVE-2024-50515 | 1 Ninjaforms | 1 Ninja Forms | 2025-01-23 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16. | ||||
CVE-2025-23676 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound LH Email allows Reflected XSS. This issue affects LH Email: from n/a through 1.12. | ||||
CVE-2025-23678 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound LocalGrid allows Reflected XSS. This issue affects LocalGrid: from n/a through 1.0.1. | ||||
CVE-2025-23679 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moshiur Rahman Mehedi FP RSS Category Excluder allows Reflected XSS. This issue affects FP RSS Category Excluder: from n/a through 1.0.0. | ||||
CVE-2025-23681 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jannatqualitybacklinks.com REDIRECTION PLUS allows Reflected XSS. This issue affects REDIRECTION PLUS: from n/a through 2.0.0. | ||||
CVE-2025-23758 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pootle button allows Reflected XSS. This issue affects Pootle button: from n/a through 1.2.0. | ||||
CVE-2025-23769 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Content Mirror allows Reflected XSS. This issue affects Content Mirror: from n/a through 1.2. | ||||
CVE-2025-23770 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Fast Tube allows Reflected XSS. This issue affects Fast Tube: from n/a through 2.3.1. | ||||
CVE-2024-1997 | 1 Leap13 | 1 Premium Addons | 2025-01-23 | 6.4 Medium |
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-2237 | 1 Leap13 | 1 Premium Addons | 2025-01-23 | 6.4 Medium |
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-2239 | 1 Leap13 | 1 Premium Addons | 2025-01-23 | 6.4 Medium |
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-1996 | 1 Leap13 | 1 Premium Addons | 2025-01-23 | 6.4 Medium |
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-2000 | 1 Leap13 | 1 Premium Addons | 2025-01-23 | 6.4 Medium |
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-2238 | 1 Leap13 | 1 Premium Addons | 2025-01-23 | 6.4 Medium |
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-25709 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2025-01-23 | 6.1 Medium |
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 – 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. | ||||
CVE-2025-23960 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in basteln3rk Save & Import Image from URL allows Reflected XSS. This issue affects Save & Import Image from URL: from n/a through 0.7. | ||||
CVE-2025-23894 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tatsuya Fukata, Alexander Ovsov wp-flickr-press allows Reflected XSS. This issue affects wp-flickr-press: from n/a through 2.6.4. | ||||
CVE-2025-23836 | 2025-01-23 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SuryaBhan Custom Coming Soon allows Reflected XSS. This issue affects Custom Coming Soon: from n/a through 2.2. |