ReportizFlow
Filtered by vendor
Subscriptions
Total
43807 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34441 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bootstrapped Ventures Easy Affiliate Links allows Stored XSS.This issue affects Easy Affiliate Links: from n/a through 3.7.2. | ||||
| CVE-2025-14830 | 1 Jfrog | 1 Artifactory | 2026-04-15 | 4.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS).This issue affects Artifactory (Workers): from >=7.94.0 through <7.117.10. | ||||
| CVE-2023-32237 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. | ||||
| CVE-2025-52133 | 1 Xwiki | 1 Mocca Calendar | 2026-04-15 | 6.4 Medium |
| The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import. | ||||
| CVE-2023-7251 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901. | ||||
| CVE-2024-30432 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider - Slider for your block editor allows Stored XSS.This issue affects B Slider - Slider for your block editor: from n/a through 1.1.12. | ||||
| CVE-2022-50908 | 1 Mailhog | 1 Mailhog | 2026-04-15 | 7.2 High |
| Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation. | ||||
| CVE-2024-30436 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS.This issue affects Collectchat: from n/a through 2.4.1. | ||||
| CVE-2024-30439 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestWebSoft Limit Attempts by BestWebSoft allows Reflected XSS.This issue affects Limit Attempts by BestWebSoft: from n/a through 1.2.9. | ||||
| CVE-2024-30447 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Solutions Creative Image Slider – Responsive Slider Plugin allows Reflected XSS.This issue affects Creative Image Slider – Responsive Slider Plugin: from n/a through 2.1.3. | ||||
| CVE-2024-30448 | 2026-04-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Slider by Supsystic allows Stored XSS.This issue affects Slider by Supsystic: from n/a through 1.8.10. | ||||
| CVE-2024-29933 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. | ||||
| CVE-2024-29936 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4. | ||||
| CVE-2024-6770 | 1 Vikasratudi | 1 Lifetime Free Drag \& Drop Contact Form Builder For Wordpress Vform | 2026-04-15 | 7.2 High |
| The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-13584 | 1 Eigenfocus | 1 Eigenfocus | 2026-04-15 | 3.5 Low |
| A security vulnerability has been detected in Eigenfocus up to 1.4.0. This vulnerability affects unknown code of the component Description Handler. The manipulation of the argument entry.description/time_entry.description leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.4.1 is able to resolve this issue. The identifier of the patch is 7dec94c9d1f3e513e0ee38ba68caaba628e08582. Upgrading the affected component is advised. | ||||
| CVE-2025-67712 | 1 Esri | 1 Arcgis | 2026-04-15 | 4.7 Medium |
| There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript execution, which limits the impact. At the time of submission, ArcGIS Web App Builder developer edition is retired and unsupported. ArcGIS Web App Builder 2.30 is not susceptible to this vulnerability. | ||||
| CVE-2024-22149 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5. | ||||
| CVE-2024-27609 | 2026-04-15 | 6.5 Medium | ||
| Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel. | ||||
| CVE-2024-12060 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12271 | 2026-04-15 | 4.4 Medium | ||
| The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||