Total
38539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8426 | 1 Pagelayer | 1 Pagelayer | 2025-05-27 | N/A | 4.8 MEDIUM |
| The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2024-8618 | 1 Pagelayer | 1 Pagelayer | 2025-05-27 | N/A | 4.8 MEDIUM |
| The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-3201 | 1 Kaliforms | 1 Kali Forms | 2025-05-27 | N/A | 5.9 MEDIUM |
| The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-47378 | 1 Wpcom | 1 Wpcom Member | 2025-05-27 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4. | |||||
| CVE-2023-26771 | 1 Taskcafe Project | 1 Taskcafe | 2025-05-27 | N/A | 6.5 MEDIUM |
| Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file. | |||||
| CVE-2022-37246 | 1 Craftcms | 1 Craft Cms | 2025-05-27 | N/A | 5.4 MEDIUM |
| Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label. | |||||
| CVE-2022-28978 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-27 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name. | |||||
| CVE-2024-46333 | 1 Piwigo | 1 Piwigo | 2025-05-27 | N/A | 4.8 MEDIUM |
| An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function. | |||||
| CVE-2024-43151 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-27 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9. | |||||
| CVE-2024-43156 | 1 Addonmaster | 1 Post Grid Master | 2025-05-27 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10. | |||||
| CVE-2024-6724 | 1 Magic-post-thumbnail | 1 Magic Post Thumbnail | 2025-05-27 | N/A | 4.8 MEDIUM |
| The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2025-32951 | 2025-05-27 | N/A | 6.4 MEDIUM | ||
| Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. | |||||
| CVE-2022-38550 | 1 Jeesns | 1 Jeesns | 2025-05-27 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-28982 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-27 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag. | |||||
| CVE-2022-28980 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-27 | N/A | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix. | |||||
| CVE-2025-32984 | 1 Netscout | 1 Ngeniusone | 2025-05-27 | N/A | 6.1 MEDIUM |
| NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter. | |||||
| CVE-2024-32580 | 1 Averta | 1 Master Slider | 2025-05-27 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS.This issue affects Master Slider: from n/a through 3.9.8. | |||||
| CVE-2024-37222 | 1 Averta | 1 Master Slider | 2025-05-27 | N/A | 7.1 HIGH |
| Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0. | |||||
| CVE-2023-49485 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-05-27 | N/A | 5.4 MEDIUM |
| JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. | |||||
| CVE-2023-46494 | 1 Evershop | 1 Evershop | 2025-05-27 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. | |||||