Total
38516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7569 | 2025-07-15 | 3.5 Low | ||
| A vulnerability was found in Bigotry OneBase up to 1.3.6. It has been declared as problematic. Affected by this vulnerability is the function parse_args of the file /tpl/think_exception.tpl. The manipulation of the argument args leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-53865 | 1 Roundup-tracker | 1 Roundup | 2025-07-15 | 6.4 Medium |
| In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive). | ||||
| CVE-2025-47604 | 2 Data443, Wordpress | 2 Inline Related Posts, Wordpress | 2025-07-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Inline Related Posts allows Stored XSS. This issue affects Inline Related Posts: from n/a through 3.8.0. | ||||
| CVE-2024-50462 | 2 Fla-shop, Wordpress | 2 Interactive World Map, Wordpress | 2025-07-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fla-shop Interactive World Map allows Stored XSS.This issue affects Interactive World Map: from n/a through 3.4.4. | ||||
| CVE-2025-47509 | 1 Wordpress | 1 Wordpress | 2025-07-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 allows Stored XSS. This issue affects Top 10: from n/a through 4.1.0. | ||||
| CVE-2024-50431 | 2 Cloudways, Wordpress | 2 Breeze, Wordpress | 2025-07-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.14. | ||||
| CVE-2024-54257 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3. | ||||
| CVE-2024-55864 | 1 Wordpress | 1 Wordpress | 2025-07-14 | N/A |
| Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page. | ||||
| CVE-2025-20250 | 1 Cisco | 1 Webex Meetings | 2025-07-14 | 6.1 Medium |
| A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user. | ||||
| CVE-2025-20247 | 1 Cisco | 1 Webex Meetings | 2025-07-14 | 6.1 Medium |
| A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user. | ||||
| CVE-2025-20246 | 1 Cisco | 1 Webex Meetings | 2025-07-14 | 6.1 Medium |
| A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user. | ||||
| CVE-2025-6430 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2025-07-14 | 6.1 Medium |
| When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. | ||||
| CVE-2024-53679 | 1 Apache | 1 Vcl | 2025-07-14 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights. This issue affects all versions of Apache VCL through 2.5.1. Users are recommended to upgrade to version 2.5.2, which fixes the issue. | ||||
| CVE-2024-11824 | 1 Langgenius | 1 Dify | 2025-07-14 | 7.6 High |
| A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like <input> and <form> are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive information. This issue is fixed in version 0.12.1. | ||||
| CVE-2024-11684 | 2 Iseard, Wordpress | 2 Kudos Donations, Wordpress | 2025-07-14 | 6.1 Medium |
| The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-3100 | 1 Wedevs | 1 Wp Project Manager | 2025-07-14 | 6.4 Medium |
| The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2025-5528 | 1 Heateor | 1 Sassy Social Share | 2025-07-14 | 6.1 Medium |
| The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link. | ||||
| CVE-2025-2918 | 1 Dotcamp | 1 Ultimate Blocks | 2025-07-14 | 6.4 Medium |
| The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-22243 | 2 Broadcom, Vmware | 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2025-07-14 | 7.5 High |
| VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. | ||||
| CVE-2025-22244 | 2 Broadcom, Vmware | 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more | 2025-07-14 | 6.9 Medium |
| VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. | ||||