Export limit exceeded: 43000 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45419 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37946 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs ReCaptcha Integration for WordPress wp-recaptcha-integration allows DOM-Based XSS.This issue affects ReCaptcha Integration for WordPress: from n/a through <= 1.2.7. | ||||
| CVE-2019-25262 | 2026-04-15 | 3.5 Low | ||
| A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is 995dd89d0e3ec5522966724be23a5d58ca1bdac3. Applying a patch is advised to resolve this issue. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-33630 | 1 Piotnet | 1 Piotnet Addons For Elementor | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.26. | ||||
| CVE-2024-11456 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| The Run Contests, Raffles, and Giveaways with ContestsWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-69085 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank jobbank allows Reflected XSS.This issue affects JobBank: from n/a through <= 1.2.2. | ||||
| CVE-2024-4424 | 2026-04-15 | 6.1 Medium | ||
| The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code will be executed in the user's browser space.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products. | ||||
| CVE-2024-52460 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in atarapay AtaraPay WooCommerce Payment Gateway atarapay-woocommerce allows Reflected XSS.This issue affects AtaraPay WooCommerce Payment Gateway: from n/a through <= 2.0.13. | ||||
| CVE-2025-31607 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flomei Simple-Audioplayer simple-audioplayer allows Stored XSS.This issue affects Simple-Audioplayer: from n/a through <= 1.1. | ||||
| CVE-2024-11788 | 2026-04-15 | 6.4 Medium | ||
| The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-youtube-embed' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-11451 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2019-25284 | 2026-04-15 | 6.1 Medium | ||
| V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim's browser session. | ||||
| CVE-2025-28971 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CWD Web Designer Easy Elements Hider easy-elements-hider allows Stored XSS.This issue affects Easy Elements Hider: from n/a through <= 2.0. | ||||
| CVE-2025-32541 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report woocommerce-mis-report allows Reflected XSS.This issue affects WooCommerce Sales MIS Report: from n/a through <= 4.0.3. | ||||
| CVE-2024-56030 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carver Lab 10CentMail 10centmail-subscription-management-and-analytics allows Reflected XSS.This issue affects 10CentMail: from n/a through <= 2.1.50. | ||||
| CVE-2025-43839 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool bp-messages-tool allows Reflected XSS.This issue affects BP Messages Tool: from n/a through <= 2.2. | ||||
| CVE-2024-11381 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2020-36966 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2026-04-15 | 6.4 Medium |
| Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScript and potentially steal user cookie information. | ||||
| CVE-2025-28976 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dsrodzin Email Address Security by WebEmailProtector webemailprotector allows Stored XSS.This issue affects Email Address Security by WebEmailProtector: from n/a through <= 3.3.6. | ||||
| CVE-2025-62057 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through < 4.2.0. | ||||
| CVE-2025-32600 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS.This issue affects Tournamatch: from n/a through <= 4.7.0. | ||||