ReportizFlow
Filtered by vendor
Subscriptions
Total
43801 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25367 | 1 Arangodb | 1 Arangodb Community Edition | 2026-04-15 | 5.4 Medium |
| ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html to execute JavaScript in authenticated users' browsers. | ||||
| CVE-2025-67949 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 94.3.6. | ||||
| CVE-2024-12528 | 2026-04-15 | 6.4 Medium | ||
| The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2020-3532 | 2026-04-15 | N/A | ||
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability. | ||||
| CVE-2024-12443 | 2026-04-15 | 6.4 Medium | ||
| The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2019-25265 | 1 Bigprof | 1 Online Inventory Manager | 2026-04-15 | 6.4 Medium |
| Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution. | ||||
| CVE-2019-25263 | 1 Sweethawk | 1 Zendesk App Sweethawk Survey | 2026-04-15 | 6.4 Medium |
| Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users. | ||||
| CVE-2025-62664 | 1 Mediawiki | 1 Mediawiki | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ImageRating Extension allows Stored XSS.This issue affects Mediawiki - ImageRating Extension: from master before 1.39. | ||||
| CVE-2025-61657 | 1 Wikimedia | 1 Vector | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from * before 1.43.4, 1.44.1. | ||||
| CVE-2015-10131 | 2026-04-15 | 3.5 Low | ||
| A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620. | ||||
| CVE-2024-12323 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link while logged in to turboSMTP. | ||||
| CVE-2024-12258 | 2026-04-15 | 6.1 Medium | ||
| The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-39828 | 2026-04-15 | 6.1 Medium | ||
| R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. This was fixed in a hotfix to 1.9.5 on 2024-06-29. | ||||
| CVE-2024-12222 | 2026-04-15 | 6.1 Medium | ||
| The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dvsfw_bulk_label_url’ parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12165 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-36043 | 2026-04-15 | 6.1 Medium | ||
| question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property. | ||||
| CVE-2024-10332 | 2026-04-15 | 6.1 Medium | ||
| A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint “/abonados/public/janto/main.php”. | ||||
| CVE-2024-12221 | 2026-04-15 | 6.1 Medium | ||
| The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12156 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-29766 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5. | ||||