Total
36841 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-4863 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-02-07 | N/A | 6.4 MEDIUM |
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-30446 | 1 Crmperks | 1 Crm Perks Forms | 2025-02-07 | N/A | 6.5 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS.This issue affects CRM Perks Forms: from n/a through 1.1.4. | |||||
CVE-2024-41816 | 1 Boxystudio | 1 Cooked | 2025-02-07 | N/A | 5.4 MEDIUM |
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-10383 | 2025-02-07 | N/A | 8.7 HIGH | ||
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE | |||||
CVE-2022-39197 | 1 Helpsystems | 1 Cobalt Strike | 2025-02-07 | N/A | 6.1 MEDIUM |
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed). | |||||
CVE-2025-25159 | 2025-02-07 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez allows Stored XSS. This issue affects WP doodlez: from n/a through 1.0.10. | |||||
CVE-2025-25144 | 2025-02-07 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys allows Stored XSS. This issue affects Theasys: from n/a through 1.0.1. | |||||
CVE-2025-25136 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3. | |||||
CVE-2025-25117 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX allows Stored XSS. This issue affects Smart Countdown FX: from n/a through 1.5.5. | |||||
CVE-2025-25105 | 2025-02-07 | N/A | 5.9 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1. | |||||
CVE-2025-25098 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions allows Stored XSS. This issue affects Links in Captions: from n/a through 1.2. | |||||
CVE-2025-25097 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1. | |||||
CVE-2025-25096 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page allows Stored XSS. This issue affects RSS in Page: from n/a through 2.9.1. | |||||
CVE-2025-25095 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1. | |||||
CVE-2025-25094 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amitythemes.com Breaking News Ticker allows Stored XSS. This issue affects Breaking News Ticker: from n/a through 2.4.4. | |||||
CVE-2025-25091 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackdesign NextGen Cooliris Gallery allows Stored XSS. This issue affects NextGen Cooliris Gallery: from n/a through 0.7. | |||||
CVE-2025-25085 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through 0.2.5. | |||||
CVE-2025-25082 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search allows Stored XSS. This issue affects FlexIDX Home Search: from n/a through 2.1.2. | |||||
CVE-2025-25080 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7. | |||||
CVE-2025-25079 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box allows Stored XSS. This issue affects Simple Select All Text Box: from n/a through 3.2. |