Total
38528 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47458 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools allows Reflected XSS. This issue affects B2i Investor Tools: from n/a through 1.0.7.9. | |||||
| CVE-2025-47680 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06. | |||||
| CVE-2025-46456 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders allows Reflected XSS. This issue affects Theme Blvd Sliders: from n/a through 1.2.5. | |||||
| CVE-2025-48245 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form : from n/a through 8.2.1. | |||||
| CVE-2025-48286 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209. | |||||
| CVE-2025-46526 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janekniefeldt My Custom Widgets allows Reflected XSS. This issue affects My Custom Widgets: from n/a through 2.0.5. | |||||
| CVE-2024-13950 | 2025-05-23 | N/A | 6.8 MEDIUM | ||
| Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
| CVE-2025-46440 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark kStats Reloaded allows Reflected XSS. This issue affects kStats Reloaded: from n/a through 0.7.4. | |||||
| CVE-2025-46487 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sftranna EC Authorize.net allows Reflected XSS. This issue affects EC Authorize.net: from n/a through 0.3.3. | |||||
| CVE-2025-47678 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2. | |||||
| CVE-2025-46537 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ctltwp Section Widget allows Reflected XSS. This issue affects Section Widget: from n/a through 3.3.1. | |||||
| CVE-2025-1123 | 2025-05-23 | N/A | 7.2 HIGH | ||
| The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-46446 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones allows Stored XSS. This issue affects Libro de Reclamaciones: from n/a through 1.0.1. | |||||
| CVE-2025-46518 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through 4.5.3. | |||||
| CVE-2025-39505 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hotel allows Reflected XSS. This issue affects Goodlayers Hotel: from n/a through 3.1.4. | |||||
| CVE-2024-5962 | 2025-05-23 | N/A | 6.1 MEDIUM | ||
| A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser. While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking. | |||||
| CVE-2025-46448 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System allows Reflected XSS. This issue affects Document Management System: from n/a through 1.24. | |||||
| CVE-2025-48241 | 2025-05-23 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3. | |||||
| CVE-2025-46493 | 2025-05-23 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Stored XSS. This issue affects Crossword Compiler Puzzles: from n/a through 5.3. | |||||
| CVE-2025-3894 | 2025-05-23 | N/A | N/A | ||
| Text editor embedded into MegaBIP software does not neutralize user input allowing Stored XSS attacks on other users. In order to use the editor high privileges are required. Version 5.20 of MegaBIP fixes this issue. | |||||