Export limit exceeded: 45518 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45518 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31122 | 2026-04-15 | 5.8 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism IT Systems User Rights Access Manager allows Reflected XSS.This issue affects User Rights Access Manager: from n/a through 1.1.2. | ||||
| CVE-2024-13506 | 2026-04-15 | 6.4 Medium | ||
| The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all versions up to, and including, 2.8.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-53427 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chibueze Okechukwu SEO Pyramid seo-pyramid allows Reflected XSS.This issue affects SEO Pyramid: from n/a through <= 1.9.8. | ||||
| CVE-2025-53426 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Likert Survey Master likert-survey-master allows Reflected XSS.This issue affects Likert Survey Master: from n/a through <= 0.8.0.1. | ||||
| CVE-2025-53320 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from n/a through 1.0.4. | ||||
| CVE-2025-58593 | 2 Themeisle, Wordpress | 2 Orbit Fox, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 3.0.0. | ||||
| CVE-2025-40644 | 1 Riftzilla | 1 Qrgen | 2026-04-15 | N/A |
| Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
| CVE-2022-42974 | 1 Kostal Piko | 1 Mp Plus Hmi Oem | 2026-04-15 | 4.8 Medium |
| In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting (XSS) attack on /file.bootloader.upload.html. The application fails to sanitize the parameter filename, in a POST request to /file.bootloader.upload.html for a system update, thus allowing one to inject HTML and/or JavaScript on the page that will then be processed and stored by the application. Any subsequent requests to pages that retrieve the malicious content will automatically exploit the vulnerability on the victim's browser. This also happens because the tag is loaded in the function innerHTML in the page HTML. | ||||
| CVE-2025-62136 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thinkupthemes Melos melos allows Stored XSS.This issue affects Melos: from n/a through <= 1.6.0. | ||||
| CVE-2025-58961 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav CF7 Auto Responder Addon CF7-autoresponder-addon allows DOM-Based XSS.This issue affects CF7 Auto Responder Addon: from n/a through <= 2.4. | ||||
| CVE-2025-62060 | 2 Themepoints, Wordpress | 2 Tab Ultimate, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Tab Ultimate tabs-pro.This issue affects Tab Ultimate: from n/a through <= 1.8. | ||||
| CVE-2025-58842 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in givecloud Donation Forms WP by Givecloud donation-forms-by-givecloud allows Stored XSS.This issue affects Donation Forms WP by Givecloud: from n/a through <= 1.0.9. | ||||
| CVE-2025-58786 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana – Ecommerce Product Addons ibtana-ecommerce-product-addons allows DOM-Based XSS.This issue affects Ibtana – Ecommerce Product Addons: from n/a through <= 0.4.7.6. | ||||
| CVE-2025-58784 | 2 Ari-soft, Wordpress | 2 Ari Fancy Lightbox, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft ARI Fancy Lightbox ari-fancy-lightbox allows Stored XSS.This issue affects ARI Fancy Lightbox: from n/a through <= 1.4.0. | ||||
| CVE-2025-5864 | 2026-04-15 | 3.7 Low | ||
| A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-66444 | 1 Hitachi | 2 Infrastructure Analytics Advisor, Ops Center Analyzer | 2026-04-15 | 8.2 High |
| Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00. | ||||
| CVE-2022-25038 | 1 Waneditor | 1 Waneditor | 2026-04-15 | 6.1 Medium |
| wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload function. | ||||
| CVE-2021-47744 | 2 Cypress, Linux | 3 Ctm-200, Ctm-one, Linux | 2026-04-15 | 7.5 High |
| Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices. | ||||
| CVE-2021-47837 | 2 Amitmerchant1990, Matthewwithanm | 2 Markdownify, Markdownify | 2026-04-15 | 7.2 High |
| Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution. | ||||
| CVE-2021-47838 | 1 Dvcrn | 1 Markright | 2026-04-15 | 7.2 High |
| Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system. | ||||