Export limit exceeded: 335338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43896 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24558 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1. | ||||
| CVE-2026-24550 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.15. | ||||
| CVE-2026-24594 | 2 Livemesh, Wordpress | 2 Addons For Wpbakery Page Builder, Wordpress | 2026-01-26 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through <= 3.9.4. | ||||
| CVE-2025-2204 | 1 Tapandsign | 1 Tap&sign | 2026-01-26 | 4.7 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14069 | 2 Magazine3, Wordpress | 2 Schema & Structured Data For Wp & Amp, Wordpress | 2026-01-26 | 6.4 Medium |
| The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to, and including, 1.54 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-0914 | 2 Legalweb, Wordpress | 2 Wp Dsgvo Tools, Wordpress | 2026-01-26 | 6.4 Medium |
| The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-15522 | 2 Uncannyowl, Wordpress | 2 Uncanny Automator, Wordpress | 2026-01-26 | 6.4 Medium |
| The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator_discord_user_mapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output escaping on the verified_message parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user with a verified Discord account accesses the injected page. | ||||
| CVE-2020-36931 | 1 Click2magic | 1 Click2magic | 2026-01-26 | 6.4 Medium |
| Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests. | ||||
| CVE-2021-47905 | 1 Vintagedaddyo | 1 Mybb Delete Account Plugin | 2026-01-26 | 6.1 Medium |
| MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons. | ||||
| CVE-2021-47892 | 1 Peel | 1 Peel Shopping | 2026-01-26 | 7.2 High |
| PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution. | ||||
| CVE-2018-25132 | 1 Zainali99 | 1 Mybb Trending Widget Plugin | 2026-01-26 | 6.1 Medium |
| MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget. | ||||
| CVE-2018-25116 | 1 Jamiesage123 | 1 Mybb Thread Redirect Plugin | 2026-01-26 | 6.1 Medium |
| MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution. | ||||
| CVE-2021-47906 | 1 Bloofoxcms | 1 Bloofoxcms | 2026-01-26 | 6.4 Medium |
| BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users' cookies. | ||||
| CVE-2021-47897 | 1 Peel | 1 Peel Shopping | 2026-01-26 | 7.2 High |
| PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution. | ||||
| CVE-2025-54890 | 1 Centreon | 2 Centreon, Centreon Web | 2026-01-26 | 6.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29. | ||||
| CVE-2024-2301 | 1 Hp | 28 Cz172a, Cz172a Firmware, Cz173a and 25 more | 2026-01-26 | 7.6 High |
| Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. | ||||
| CVE-2025-10023 | 1 Centreon | 2 Centreon, Centreon Web | 2026-01-26 | 6.2 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26. | ||||
| CVE-2025-0104 | 1 Paloaltonetworks | 1 Expedition | 2026-01-23 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft. | ||||
| CVE-2025-22315 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Typing Text | 2026-01-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.7. | ||||
| CVE-2025-24732 | 1 Reputeinfosystems | 1 Bookingpress | 2026-01-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25. | ||||