Total
37684 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26731 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARPrice allows Stored XSS.This issue affects ARPrice: from n/a through 4.1.3. | |||||
| CVE-2025-30813 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.5. | |||||
| CVE-2025-26738 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through 3.1.3. | |||||
| CVE-2025-30850 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sfaerber Dr. Flex allows Stored XSS. This issue affects Dr. Flex: from n/a through 2.0.0. | |||||
| CVE-2025-30922 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder allows Stored XSS. This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through 1.1.1. | |||||
| CVE-2025-30860 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows DOM-Based XSS. This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.2. | |||||
| CVE-2025-22660 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wolfgang Include Mastodon Feed allows DOM-Based XSS.This issue affects Include Mastodon Feed: from n/a through 1.9.9. | |||||
| CVE-2025-30900 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0. | |||||
| CVE-2025-22628 | 2025-03-27 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision Filled In allows Stored XSS.This issue affects Filled In: from n/a through 1.9.2. | |||||
| CVE-2025-22640 | 2025-03-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paytm Paytm Payment Donation allows Stored XSS.This issue affects Paytm Payment Donation: from n/a through 2.3.3. | |||||
| CVE-2025-0811 | 2025-03-27 | N/A | 8.7 HIGH | ||
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting. | |||||
| CVE-2025-30904 | 2025-03-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify allows Stored XSS. This issue affects Chartify: from n/a through 3.1.7. | |||||
| CVE-2025-26736 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viktoras MorningTime Lite allows Stored XSS.This issue affects MorningTime Lite: from n/a through 1.3.2. | |||||
| CVE-2025-26762 | 2025-03-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 9.7.0. | |||||
| CVE-2025-30832 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post allows DOM-Based XSS. This issue affects Themify Event Post: from n/a through 1.3.2. | |||||
| CVE-2025-26732 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BurgerThemes StoreBiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a through 1.0.32. | |||||
| CVE-2025-26734 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peregrinethemes Hester allows Stored XSS.This issue affects Hester: from n/a through 1.1.10. | |||||
| CVE-2025-30893 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector allows DOM-Based XSS. This issue affects LeadConnector: from n/a through 3.0.2. | |||||
| CVE-2025-27793 | 2025-03-27 | N/A | N/A | ||
| Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs, unless the library was used with the `vega-interpreter`. Vega version 5.32.0 and vega-functions version 5.17.0 fix the issue. As a workaround, use `vega` with expression interpreter. | |||||
| CVE-2025-26737 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5. | |||||