Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2025-46595 |
An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of entity. It doesn't verify flag links before performing the flag action, or verify that the response returned was provided by the flag module. This can allow crafted HTML to result in Cross Site Scripting. This is mitigated by the fact that an attacker must have a role with permission to create links on the website, for example: create or edit comments or content with a filtered text format. Published: April 24, 2025; 11:15:20 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46547 |
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue. Published: April 24, 2025; 11:15:20 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46545 |
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires. Published: April 24, 2025; 11:15:20 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-43861 |
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc. Published: April 24, 2025; 5:15:24 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46542 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab allows Stored XSS. This issue affects Xpert Tab: from n/a through 1.3. Published: April 24, 2025; 12:15:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46541 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elrata_ WP-reCAPTCHA-bp allows Stored XSS. This issue affects WP-reCAPTCHA-bp: from n/a through 4.1. Published: April 24, 2025; 12:15:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46540 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode allows Stored XSS. This issue affects GNA Search Shortcode: from n/a through 0.9.5. Published: April 24, 2025; 12:15:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46538 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup allows DOM-Based XSS. This issue affects Inline Text Popup: from n/a through 1.0.0. Published: April 24, 2025; 12:15:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46536 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images allows DOM-Based XSS. This issue affects Carousel-of-post-images: from n/a through 1.07. Published: April 24, 2025; 12:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46534 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DanielRiera Image Style Hover allows DOM-Based XSS. This issue affects Image Style Hover: from n/a through 1.0.6. Published: April 24, 2025; 12:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46533 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress allows Stored XSS. This issue affects Landing pages and Domain aliases for WordPress: from n/a through 0.8. Published: April 24, 2025; 12:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46532 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haris Zulfiqar Tooltip allows DOM-Based XSS. This issue affects Tooltip: from n/a through 1.0.1. Published: April 24, 2025; 12:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46530 |
Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through 1.3.2. Published: April 24, 2025; 12:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46529 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StressFree Sites Business Contact Widget allows Stored XSS. This issue affects Business Contact Widget: from n/a through 2.7.0. Published: April 24, 2025; 12:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46528 |
Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4. Published: April 24, 2025; 12:15:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46525 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in msmitley WP Cookie Consent allows Stored XSS. This issue affects WP Cookie Consent: from n/a through 1.0. Published: April 24, 2025; 12:15:43 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46524 |
Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category allows Stored XSS. This issue affects WP Filter Post Category: from n/a through 2.1.4. Published: April 24, 2025; 12:15:43 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46523 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devignstudiosltd COVID-19 (Coronavirus) Update Your Customers allows Stored XSS. This issue affects COVID-19 (Coronavirus) Update Your Customers: from n/a through 1.5.1. Published: April 24, 2025; 12:15:43 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46522 |
Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.3. Published: April 24, 2025; 12:15:43 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2025-46521 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Silver Muru WS Force Login Page allows Stored XSS. This issue affects WS Force Login Page: from n/a through 3.0.3. Published: April 24, 2025; 12:15:43 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |