ReportizFlow
Filtered by vendor
Subscriptions
Total
43820 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10340 | 1 Whatcd | 1 Gazelle | 2026-04-15 | 3.5 Low |
| A vulnerability was determined in WhatCD Gazelle up to 63b337026d49b5cf63ce4be20fdabdc880112fa3. The affected element is an unknown function of the file /sections/tools/managers/change_log.php of the component Commit Message Handler. Executing manipulation of the argument Message can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. | ||||
| CVE-2025-11872 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-25700 | 2026-04-15 | 4.8 Medium | ||
| There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. | ||||
| CVE-2020-36853 | 2 10web, Wordpress | 2 Map Builder For Google Maps, Wordpress | 2026-04-15 | 7.2 High |
| The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-49768 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Stored XSS.This issue affects WP-FormAssembly: from n/a through 2.0.10. | ||||
| CVE-2023-49780 | 2026-04-15 | N/A | ||
| Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product. | ||||
| CVE-2025-53865 | 1 Roundup-tracker | 1 Roundup | 2026-04-15 | 6.4 Medium |
| In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive). | ||||
| CVE-2023-42427 | 1 Japan System Techniques | 1 Universal Passport Rx | 2026-04-15 | 6.5 Medium |
| Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.7, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is using the product. | ||||
| CVE-2020-36978 | 1 Froxlor | 1 Froxlor | 2026-04-15 | 6.4 Medium |
| Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules. | ||||
| CVE-2024-7485 | 1 Kaizencoders | 1 Traffic Manager | 2026-04-15 | 7.2 High |
| The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in the 'UserWebStat' AJAX function in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-3448 | 1 Br-automation | 1 Automation Runtime | 2026-04-15 | 6.1 Medium |
| Reflected cross-site scripting (XSS) vulnerabilities exist in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session | ||||
| CVE-2023-28120 | 1 Redhat | 1 Logging | 2026-04-15 | 5.3 Medium |
| There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. | ||||
| CVE-2024-29924 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a through 5.8.2. | ||||
| CVE-2024-11463 | 2026-04-15 | 6.1 Medium | ||
| The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2025-24539 is a possible duplicate of this issue. | ||||
| CVE-2022-50941 | 1 Mrplugins | 1 Bootcommerce | 2026-04-15 | 6.4 Medium |
| BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation. | ||||
| CVE-2023-25364 | 2026-04-15 | 6.1 Medium | ||
| Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks. | ||||
| CVE-2024-29794 | 2 Conversios, Wordpress | 2 Conversios.io, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through 6.9.1. | ||||
| CVE-2024-29775 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06. Frontend Dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through 2.2.1. | ||||
| CVE-2025-23078 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Breadcrumbs2 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Breadcrumbs2 extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.5, from 1.42.X before 1.42.4. | ||||
| CVE-2024-33952 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Unique allows Stored XSS.This issue affects Unique: from n/a through 0.3.0. | ||||