Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2025-46451 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Floating Social Bar allows Stored XSS. This issue affects Floating Social Bar: from n/a through 1.1.7. Published: April 24, 2025; 12:15:36 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46450 |
Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows Stored XSS. This issue affects occupancyplan: from n/a through 1.0.3.0. Published: April 24, 2025; 12:15:36 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46449 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips allows Stored XSS. This issue affects WoWHead Tooltips: from n/a through 2.0.1. Published: April 24, 2025; 12:15:35 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46447 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFable Fable Extra allows DOM-Based XSS. This issue affects Fable Extra: from n/a through 1.0.6. Published: April 24, 2025; 12:15:35 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46445 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pReya External Markdown allows Stored XSS. This issue affects External Markdown: from n/a through 0.0.1. Published: April 24, 2025; 12:15:35 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46442 |
Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3. Published: April 24, 2025; 12:15:35 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46438 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in warmwhisky GTDB Guitar Tuners allows Stored XSS. This issue affects GTDB Guitar Tuners: from n/a through 4.2.2. Published: April 24, 2025; 12:15:34 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46435 |
Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2. Published: April 24, 2025; 12:15:34 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46261 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0. Published: April 24, 2025; 12:15:34 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46260 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1. Published: April 24, 2025; 12:15:34 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46234 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Razib Control Listings allows Reflected XSS. This issue affects Control Listings: from n/a through 1.0.4.1. Published: April 24, 2025; 12:15:33 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39408 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress BruteGuard – Brute Force Login Protection allows Reflected XSS. This issue affects BruteGuard – Brute Force Login Protection: from n/a through 0.1.4. Published: April 24, 2025; 12:15:33 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39400 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a. Published: April 24, 2025; 12:15:32 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39397 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in [email protected] Anything Popup allows Reflected XSS. This issue affects Anything Popup: from n/a through 7.3. Published: April 24, 2025; 12:15:32 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39382 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danielpataki ACF: Google Font Selector allows Reflected XSS. This issue affects ACF: Google Font Selector: from n/a through 3.0.1. Published: April 24, 2025; 12:15:31 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39381 |
Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4. Published: April 24, 2025; 12:15:31 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-2703 |
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript. Published: April 23, 2025; 8:15:16 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-43952 |
A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_ parameter. Published: April 22, 2025; 2:16:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-23175 |
Multiple XSS (CWE-79) Published: April 22, 2025; 9:15:42 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46254 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0. Published: April 22, 2025; 6:15:20 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |