Total: 34530 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-51624 | | | 2025-03-28 | N/A | 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce allows Reflected XSS. This issue affects Já-Já Pagamentos for WooCommerce: from n/a through 1.3.0. | |||||
CVE-2025-31437 | | | 2025-03-28 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Miller WP-OGP allows Stored XSS. This issue affects WP-OGP: from n/a through 1.0.5. | |||||
CVE-2025-31453 | | | 2025-03-28 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stian Andreassen YouTube SimpleGallery allows Stored XSS. This issue affects YouTube SimpleGallery: from n/a through 2.0.6. | |||||
CVE-2025-31470 | | | 2025-03-28 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Page Takeover allows Stored XSS. This issue affects Page Takeover: from n/a through 1.1.6. | |||||
CVE-2025-28253 | | | 2025-03-28 | N/A | 6.1 MEDIUM |
Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Dashboard v5.3.4 exists in class/class-mainwp-post-handler.php, where unsanitized user input from $_POST['sites'], $_POST['clients'], and $_POST['search'] is passed into the MainWP_User::render_table function. Despite using sanitize_text_field and wp_unslash, the values are not adequately protected against HTML or script injection. This flaw could allow an attacker to inject malicious scripts. | |||||
CVE-2025-31473 | | | 2025-03-28 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer allows Stored XSS. This issue affects WP Database Optimizer: from n/a through 1.2.1.3. | |||||
CVE-2025-31451 | | | 2025-03-28 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kevinweber wBounce allows Stored XSS. This issue affects wBounce: from n/a through 1.8.1. | |||||
CVE-2025-2868 | | | 2025-03-28 | N/A | N/A |
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php. | |||||
CVE-2025-31472 | | | 2025-03-28 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michele Marri Flatty allows Stored XSS. This issue affects Flatty: from n/a through 2.0.0. | |||||
CVE-2025-31096 | | | 2025-03-28 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX allows DOM-Based XSS. This issue affects PostX: from n/a through 4.1.25. | |||||
CVE-2025-31450 | | | 2025-03-28 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phantom.omaga Toggle Box allows Stored XSS. This issue affects Toggle Box: from n/a through 1.6. | |||||
CVE-2025-2869 | | | 2025-03-28 | N/A | N/A |
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manage_user.php. | |||||
CVE-2025-31464 | | | 2025-03-28 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color allows Stored XSS. This issue affects Text Selection Color: from n/a through 1.6. | |||||
CVE-2024-12772 | 1 Wpmanageninja | 1 Ninja Tables | 2025-03-28 | N/A | 5.4 MEDIUM |
The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability. | |||||
CVE-2024-57175 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-03-28 | N/A | 5.4 MEDIUM |
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php. | |||||
CVE-2024-29473 | | | 2025-03-28 | N/A | 6.1 MEDIUM |
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. | |||||
CVE-2024-25898 | 1 Churchcrm | 1 Churchcrm | 2025-03-28 | N/A | 6.1 MEDIUM |
An XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php. | |||||
CVE-2023-22971 | 1 Hughes | 10 Hn7000s, Hn7000s Firmware, Hn9460 and 7 more | 2025-03-28 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. | |||||
CVE-2024-44918 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 3.5 LOW |
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-12983 | 1 Fabianros | 1 Hospital Management System | 2025-03-28 | 3.3 LOW | 2.4 LOW |
A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the argument Doctor Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. |