Total: 45049 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2024-24135 | 1 Remyandrade | 1 Product Inventory With Export To Excel | 2025-06-05 | 6.1 Medium | The Product Name and Product Code fields in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS. |
| CVE-2024-24131 | 1 Superwebmailer | 1 Superwebmailer | 2025-06-05 | 6.1 Medium | SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php. |
| CVE-2022-2669 | 1 Wp Taxonomy Import Project | 1 Wp Taxonomy Import | 2025-06-05 | 6.1 Medium | The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting. |
| CVE-2022-2654 | 1 Radiustheme | 4 Classified Listing, Classified Listing Store & Membership, Classima and 1 more | 2025-06-05 | 6.1 Medium | The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting. |
| CVE-2024-22548 | 1 Flycms Project | 1 Flycms | 2025-06-05 | 5.4 Medium | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) via the website name field of the system website settings. |
| CVE-2024-22496 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-05 | 6.1 Medium | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to execute arbitrary web script via the /admin/login username parameter. |
| CVE-2024-22491 | 1 Beetl-bbs Project | 1 Beetl-bbs | 2025-06-05 | 5.4 Medium | A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to execute arbitrary web script via the post/save content parameter. |
| CVE-2024-22075 | 1 Firefly-iii | 1 Firefly Iii | 2025-06-05 | 6.1 Medium | Firefly III (aka firefly-iii) before 6.1.1 allows HTML injection via webhooks. |
| CVE-2024-22720 | 1 Kanboard | 1 Kanboard | 2025-06-05 | 4.8 Medium | Kanboard 1.2.34 is vulnerable to HTML injection in the group management feature. |
| CVE-2024-5409 | 1 Saltos | 1 Rhinos | 2025-06-05 | 7.1 High | RhinOS 3.0-1190 is vulnerable to XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details. |
| CVE-2024-5408 | 1 Saltos | 1 Rhinos | 2025-06-05 | 7.1 High | RhinOS 3.0-1190 is vulnerable to XSS via the "search" parameter of /portal/search.htm. A remote attacker could steal a victim's session details by getting them to open a specially crafted URL. |
| CVE-2025-3649 | 1 Lightpress | 1 Lightbox | 2025-06-05 | 6.8 Medium | The LightPress Lightbox WordPress plugin before 2.3.4 does not check that download links point to valid, non-JavaScript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks. |
| CVE-2024-13384 | 1 Robosoft | 1 Robo Gallery | 2025-06-05 | 4.8 Medium | The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). |
| CVE-2024-2869 | 1 Realestateconnected | 1 Easy Property Listings | 2025-06-05 | 4.8 Medium | The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). |
| CVE-2024-6665 | 1 Optimalaccess | 1 Kbucket | 2025-06-05 | 4.8 Medium | The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). |
| CVE-2024-6667 | 1 Optimalaccess | 1 Kbucket | 2025-06-05 | 6.1 Medium | The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting that could be used against an admin. |
| CVE-2024-9227 | 1 Blubrry | 1 Powerpress | 2025-06-05 | 4.8 Medium | The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2025-45387 | 1 Osticket | 1 Osticket | 2025-06-05 | 5.4 Medium | osTicket prior to v1.17.6 and v1.18.2 is vulnerable to broken access control in /scp/ajax.php. |
| CVE-2025-3584 | 1 Thenewsletterplugin | 1 Newsletter | 2025-06-05 | 4.8 Medium | The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). |
| CVE-2025-3662 | 1 Colorlib | 1 Fancybox | 2025-06-05 | 6.1 Medium | The FancyBox for WordPress plugin before 3.3.6 does not escape caption and title attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, but one of our researchers (Marc Montpas) escalated it to an Unauthenticated Stored XSS. |
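The WordPress entries in this listing repeat two root causes: a request parameter or an admin-saved setting is written into the page or into an attribute without escaping (the reflected entries and the unfiltered_html entries), and a stored download link is emitted as an href without checking its scheme (the LightPress Lightbox entry). The following stand-alone PHP is an added illustration of both patterns with the vulnerable form beside the hardened form; it is not code from any of the listed projects. The parameter name `search`, the function names, the payload and the candidate links are constructed for the example, and `htmlspecialchars()` plus a scheme allow-list stand in for WordPress's own `esc_attr()`/`esc_html()` and `esc_url()`.

```php
<?php
// Added example: the two XSS root causes repeated in the CVE listing,
// each shown as the vulnerable form beside the hardened form.
// Stand-alone PHP with no WordPress dependency. The parameter name
// 'search', the function names, the payload and the link list are
// constructed for this example; a WordPress plugin would call
// esc_attr()/esc_html() and esc_url() instead of the helpers below.

// Escape for an HTML text or attribute context. ENT_QUOTES covers both
// quote styles so a value cannot break out of value="...".
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern 1, vulnerable: a request parameter reflected into an attribute
// verbatim (the "does not escape a parameter before outputting it back
// in attributes" case). A value beginning with "> closes the tag early.
function render_search_vulnerable(array $get): string {
    $q = (string)($get['search'] ?? '');
    return '<input type="text" name="search" value="' . $q . '">';
}

// Pattern 1, hardened: the same markup with attribute escaping at output
// time. This is the same fix whether the value arrived in the request
// (reflected) or was saved earlier by an admin (the unfiltered_html cases).
function render_search_hardened(array $get): string {
    $q = (string)($get['search'] ?? '');
    return '<input type="text" name="search" value="' . esc($q) . '">';
}

// Pattern 2, vulnerable: a "download link" is stored as any string and
// later written into href. Attribute escaping alone does not help here:
// javascript:alert(1) contains nothing htmlspecialchars() would change.
function save_link_vulnerable(string $url): string {
    return $url;
}

// Pattern 2, hardened: require an absolute URL with a host and an
// allow-listed scheme. Returns null for anything else.
function save_link_hardened(string $url): ?string {
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;   // javascript:, data:, relative and protocol-relative URLs
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;   // ftp:, file: and any other scheme, compared case-insensitively
    }
    return $url;
}

// Output-time escaping is still applied to the validated URL and label.
function render_link(string $url, string $label): string {
    return '<a href="' . esc($url) . '">' . esc($label) . '</a>';
}

// Constructed inputs: one reflected payload and a set of candidate links.
$payload = ['search' => '"><img src=x onerror=alert(document.cookie)>'];
echo render_search_vulnerable($payload), PHP_EOL;
echo render_search_hardened($payload), PHP_EOL;

$links = [
    'https://example.com/files/report.pdf',
    'javascript:alert(document.cookie)',
    'JaVaScRiPt:alert(1)',
    'data:text/html,<script>alert(1)</script>',
    '//example.com/protocol-relative',
];
foreach ($links as $candidate) {
    echo 'vulnerable stores: ', render_link(save_link_vulnerable($candidate), 'download'), PHP_EOL;
    $checked = save_link_hardened($candidate);
    echo 'hardened stores:   ', $checked === null ? '(rejected)' : render_link($checked, 'download'), PHP_EOL;
}
```

Run it with `php example.php`. The first two lines show the reflected payload breaking out of the `value` attribute in the vulnerable render and being neutralised in the hardened one. The link loop shows the caveat that matters for the stored-link entry: every `javascript:` and `data:` candidate survives attribute escaping untouched and is only stopped by the scheme check, so link validation has to happen on save (or via `esc_url()` on output) in addition to, not instead of, escaping. The example stops at scheme validation; for settings that should be plain text, WordPress code would also sanitise on save (for instance with `sanitize_text_field()`), which is the layer the "does not sanitise and escape some of its settings" entries are missing.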