Export limit exceeded: 43992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43992 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47356 | 2 Catchthemes, Wordpress | 2 Create, Wordpress | 2026-01-09 | 5.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1. | ||||
| CVE-2025-22644 | 1 Themehunk | 1 Vayu Blocks | 2026-01-09 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through 1.2.1. | ||||
| CVE-2024-33537 | 2 Themehorse, Wordpress | 2 Wp Portfolio, Wordpress | 2026-01-09 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Horse WP Portfolio allows Stored XSS.This issue affects WP Portfolio: from n/a through 2.4. | ||||
| CVE-2026-22518 | 2 Pencilwp, Wordpress | 2 X Addons For Elementor, Wordpress | 2026-01-09 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23. | ||||
| CVE-2026-22519 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress allows Stored XSS.This issue affects MediaPress: from n/a through 1.6.2. | ||||
| CVE-2024-37472 | 1 Xtendify | 1 Woffice | 2026-01-09 | 7.1 High |
| Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8. | ||||
| CVE-2024-37471 | 1 Xtendify | 1 Woffice | 2026-01-09 | 7.1 High |
| Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8. | ||||
| CVE-2024-43184 | 1 Ibm | 1 Jazz Foundation | 2026-01-09 | 6.1 Medium |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-63735 | 2 Ruckus, Ruckuswireless | 2 Unleashed, Ruckus Unleashed | 2026-01-09 | 6.1 Medium |
| A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp. | ||||
| CVE-2025-64054 | 1 Fanvil | 3 X210, X210 Firmware, X210 V2 | 2026-01-09 | 9.6 Critical |
| A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint. | ||||
| CVE-2023-3193 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-09 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | ||||
| CVE-2023-33937 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-09 | 5.4 Medium |
| Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field. | ||||
| CVE-2023-33938 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-09 | 4.8 Medium |
| Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field. | ||||
| CVE-2025-55341 | 1 Quipux | 1 Quipux | 2026-01-08 | 6.5 Medium |
| Cross Site Scripting vulnerability in Quipux 4.0.1 through e1774ac allows anexos/anexos_nuevo.php asocImgRad. | ||||
| CVE-2025-60880 | 1 Webkul | 1 Bagisto | 2026-01-08 | 8.3 High |
| An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in the browser, potentially leading to session hijacking, data theft, or unauthorized actions. | ||||
| CVE-2026-21451 | 1 Webkul | 1 Bagisto | 2026-01-08 | 8.4 High |
| Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize `<script>` tags, the filtering can be bypassed by manipulating the raw HTTP POST request before submission. As a result, arbitrary JavaScript can be stored in the CMS content and executed whenever the page is viewed or edited. This exposes administrators to a high-severity risk, including complete account takeover, backend hijacking, and malicious script execution. Version 2.3.10 fixes the issue. | ||||
| CVE-2019-25291 | 1 Inim | 1 Smartliving Smartlan | 2026-01-08 | 7.5 High |
| INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models. | ||||
| CVE-2019-25284 | 2026-01-08 | 6.1 Medium | ||
| V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim's browser session. | ||||
| CVE-2019-25280 | 1 Yahei | 1 Yahei Php Prober | 2026-01-08 | 6.1 Medium |
| Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions. | ||||
| CVE-2019-25270 | 2026-01-08 | 6.1 Medium | ||
| SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to execute arbitrary HTML and script code in a victim's browser session. | ||||