Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2025-46233 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. This issue affects Sirv: from n/a through 7.5.3. Published: April 22, 2025; 6:15:16 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2025-46229 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Israpil Textmetrics allows Stored XSS. This issue affects Textmetrics: from n/a through 3.6.2. Published: April 22, 2025; 6:15:15 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2025-46228 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11. Published: April 22, 2025; 6:15:15 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2025-46227 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4. Published: April 22, 2025; 6:15:15 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2025-46226 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0. Published: April 22, 2025; 6:15:15 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2025-46225 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor allows DOM-Based XSS. This issue affects Post in page for Elementor: from n/a through 1.0.1. Published: April 22, 2025; 6:15:14 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-12863 |
Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. Published: April 21, 2025; 11:15:58 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-3840 |
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions. Published: April 21, 2025; 6:15:15 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2020-36844 |
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL. Published: April 20, 2025; 6:15:28 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2025-43954 |
QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set. Published: April 20, 2025; 3:15:43 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2025-39469 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantherius Modal Survey allows Reflected XSS.This issue affects Modal Survey: from n/a through 2.0.2.0.1. Published: April 18, 2025; 1:15:33 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39594 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter allows Reflected XSS. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.4. Published: April 17, 2025; 12:15:59 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39567 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8. Published: April 17, 2025; 12:15:58 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39562 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72. Published: April 17, 2025; 12:15:57 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39558 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7. Published: April 17, 2025; 12:15:57 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39521 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator allows Reflected XSS. This issue affects Contact Form vCard Generator: from n/a through 2.4. Published: April 17, 2025; 12:15:56 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39519 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtpHarry Bulk Page Stub Creator allows Reflected XSS. This issue affects Bulk Page Stub Creator: from n/a through 1.1. Published: April 17, 2025; 12:15:56 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39464 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites AdminQuickbar allows Reflected XSS. This issue affects AdminQuickbar: from n/a through 1.9.1. Published: April 17, 2025; 12:15:56 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39455 |
Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location Variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through 2.9.5. Published: April 17, 2025; 12:15:55 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-39444 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxfoundry MaxButtons allows Stored XSS.This issue affects MaxButtons: from n/a through 9.8.3. Published: April 17, 2025; 12:15:55 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |