Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24539 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator allows Reflected XSS. This issue affects DeBounce Email Validator: from n/a through 5.6.5.
|
|||||
| CVE-2025-23448 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dastan800 visualslider Sldier allows Reflected XSS. This issue affects visualslider Sldier: from n/a through 1.1.1.
|
|||||
| CVE-2025-27309 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeannot Muller flickr-slideshow-wrapper allows Stored XSS. This issue affects flickr-slideshow-wrapper: from n/a through 5.4.6.
|
|||||
| CVE-2025-23443 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Claire Ryan Author Showcase allows Reflected XSS. This issue affects Author Showcase: from n/a through 1.4.3.
|
|||||
| CVE-2025-22565 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bill Zimmerman vooPlayer v4 allows Reflected XSS. This issue affects vooPlayer v4: from n/a through 4.0.4.
|
|||||
| CVE-2025-27288 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BjornW File Icons allows Reflected XSS. This issue affects File Icons: from n/a through 2.1.
|
|||||
| CVE-2025-24619 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WP Log Action allows Reflected XSS. This issue affects WP Log Action: from n/a through 0.51.
|
|||||
| CVE-2025-24655 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 1.0.39.
|
|||||
| CVE-2025-23858 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiren Patel Custom Users Order allows Reflected XSS. This issue affects Custom Users Order: from n/a through 4.2.
|
|||||
| CVE-2025-3615 | 2025-04-17 | N/A | 6.4 MEDIUM | ||
|
The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2025-27293 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webparexapp Shipmozo Courier Tracking allows Reflected XSS. This issue affects Shipmozo Courier Tracking: from n/a through 1.0.
|
|||||
| CVE-2025-22636 | 2025-04-17 | N/A | 8.2 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz Gálvez VR-Frases allows Reflected XSS. This issue affects VR-Frases: from n/a through 3.0.1.
|
|||||
| CVE-2025-24550 | 2025-04-17 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JobScore Job Manager allows Stored XSS. This issue affects Job Manager: from n/a through 2.2.
|
|||||
| CVE-2025-0757 | 2025-04-17 | N/A | 4.4 MEDIUM | ||
|
Overview
The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79)
Description
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface.
Impact
Once the malicious script is injected, the attacker can perform a v ...
Show More |
|||||
| CVE-2025-27291 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxgallery WordPress Photo Gallery – Image Gallery allows Reflected XSS. This issue affects WordPress Photo Gallery – Image Gallery: from n/a through 2.0.4.
|
|||||
| CVE-2025-24548 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Autoglot Autoglot – Automatic WordPress Translation allows Reflected XSS. This issue affects Autoglot – Automatic WordPress Translation: from n/a through 2.4.7.
|
|||||
| CVE-2025-24637 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture allows Reflected XSS. This issue affects Beacon Lead Magnets and Lead Capture: from n/a through 1.5.7.
|
|||||
| CVE-2025-27313 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bernd Altmeier Google Maps GPX Viewer allows Reflected XSS. This issue affects Google Maps GPX Viewer: from n/a through 3.6.
|
|||||
| CVE-2025-27295 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpion Live css allows Stored XSS. This issue affects Live css: from n/a through 1.3.
|
|||||
| CVE-2025-23855 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyljp SpiderDisplay allows Reflected XSS. This issue affects SpiderDisplay: from n/a through 1.9.1.
|
|||||
| CVE-2025-22796 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in platcom WP-Asambleas allows Reflected XSS. This issue affects WP-Asambleas: from n/a through 2.85.0.
|
|||||
| CVE-2025-27292 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPyog WPYog Documents allows Reflected XSS. This issue affects WPYog Documents: from n/a through 1.3.3.
|
|||||
| CVE-2025-24624 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech HT Event allows Reflected XSS. This issue affects HT Event: from n/a through 1.4.6.
|
|||||
| CVE-2025-22774 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Scroll to Top allows Reflected XSS. This issue affects CRUDLab Scroll to Top: from n/a through 1.0.1.
|
|||||
| CVE-2025-22771 | 2025-04-17 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China allows Stored XSS. This issue affects The Great Firewords of China: from n/a through 1.2.
|
|||||
| CVE-2025-27308 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmstactics WP Video Posts allows Reflected XSS. This issue affects WP Video Posts: from n/a through 3.5.1.
|
|||||
| CVE-2025-27289 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Guillien Restrict Taxonomies allows Reflected XSS. This issue affects Restrict Taxonomies: from n/a through 1.3.3.
|
|||||
| CVE-2025-27285 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Easy Form by AYS allows Reflected XSS. This issue affects Easy Form by AYS: from n/a through 2.6.9.
|
|||||
| CVE-2025-24553 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akadrama Shipping with Venipak for WooCommerce allows Reflected XSS. This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.22.3.
|
|||||
| CVE-2025-22340 | 2025-04-17 | N/A | 6.5 MEDIUM | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash allows Stored XSS. This issue affects Data Dash: from n/a through 1.2.3.
|
|||||
| CVE-2025-24670 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dhanendran Rajagopal Term Taxonomy Converter allows Reflected XSS. This issue affects Term Taxonomy Converter: from n/a through 1.2.
|
|||||
| CVE-2025-22651 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wppluginboxdev Stylish Google Sheet Reader allows Reflected XSS. This issue affects Stylish Google Sheet Reader: from n/a through 4.0.
|
|||||
| CVE-2025-39521 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator allows Reflected XSS. This issue affects Contact Form vCard Generator: from n/a through 2.4.
|
|||||
| CVE-2025-32531 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix FAQ allows Reflected XSS. This issue affects Arconix FAQ: from n/a through 1.9.5.
|
|||||
| CVE-2025-32605 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon allows Reflected XSS. This issue affects MemberPress Discord Addon: from n/a through 1.1.1.
|
|||||
| CVE-2025-27354 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phil88530 Simple Email Subscriber allows Reflected XSS. This issue affects Simple Email Subscriber: from n/a through 2.3.
|
|||||
| CVE-2025-32615 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clinked Clinked Client Portal allows Reflected XSS. This issue affects Clinked Client Portal: from n/a through 1.10.
|
|||||
| CVE-2025-27337 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kontur Fontsampler allows Reflected XSS. This issue affects Fontsampler: from n/a through 0.4.14.
|
|||||
| CVE-2025-32535 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Shipping by Weight for WooCommerce allows Reflected XSS. This issue affects DN Shipping by Weight for WooCommerce: from n/a through 1.2.
|
|||||
| CVE-2025-32646 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer allows Reflected XSS. This issue affects Question Answer: from n/a through 1.2.70.
|
|||||