Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-50006 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes xSmart xsmart allows Reflected XSS. This issue affects xSmart: from n/a through <= 1.2.9.4.
|
|||||
| CVE-2025-50005 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS. This issue affects tagDiv Composer: from n/a through <= 5.4.2.
|
|||||
| CVE-2025-49336 | | | 2026-01-26 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS. This issue affects Pondol BBS: from n/a through <= 1.1.8.4.
|
|||||
| CVE-2025-49249 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Drone drone allows Reflected XSS. This issue affects Drone: from n/a through <= 1.40.
|
|||||
| CVE-2025-49066 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS. This issue affects Accordion Slider PRO: from n/a through <= 1.2.
|
|||||
| CVE-2025-49046 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup xPromoter top_bar_promoter allows Reflected XSS. This issue affects xPromoter: from n/a through <= 1.3.4.
|
|||||
| CVE-2025-49045 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS. This issue affects Super Interactive Maps: from n/a through <= 2.3.
|
|||||
| CVE-2025-49043 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through <= 1.6.
|
|||||
| CVE-2025-48094 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS. This issue affects Magic Slider: from n/a through <= 2.2.
|
|||||
| CVE-2025-47666 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows Reflected XSS. This issue affects Image&Video FullScreen Background: from n/a through <= 1.6.7.
|
|||||
| CVE-2025-47500 | | | 2026-01-26 | N/A | 5.4 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Stored XSS. This issue affects Stackable: from n/a through <= 3.19.5.
|
|||||
| CVE-2025-32123 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS. This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through <= 5.3.5.
|
|||||
| CVE-2026-24389 | | | 2026-01-26 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS. This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.
|
|||||
| CVE-2025-36409 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 5.4 MEDIUM |
|
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-36408 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 6.4 MEDIUM |
|
IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-36396 | 1 Ibm | 1 Application Gateway | 2026-01-26 | N/A | 5.4 MEDIUM |
|
IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2025-27005 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS. This issue affects HTML5 Video Player: from n/a through <= 5.3.5.
|
|||||
| CVE-2024-31975 | 1 Engeniustech | 2 Ews356-fit, Ews356-fit Firmware | 2026-01-26 | N/A | 4.8 MEDIUM |
|
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.
|
|||||
| CVE-2024-51673 | 1 Hasthemes | 1 Ht Politic | 2026-01-26 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Politic allows DOM-Based XSS. This issue affects HT Politic: from n/a through 2.4.4.
|
|||||
| CVE-2024-41358 | 1 Phpipam | 1 Phpipam | 2026-01-26 | N/A | 6.1 MEDIUM |
|
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php.
|
|||||
| CVE-2024-41349 | 1 Unmark | 1 Unmark | 2026-01-26 | N/A | 6.1 MEDIUM |
|
unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php.
|
|||||
| CVE-2024-41348 | 1 Jpatokal | 1 Openflights | 2026-01-26 | N/A | 6.1 MEDIUM |
|
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php
|
|||||
| CVE-2024-41347 | 1 Jpatokal | 1 Openflights | 2026-01-26 | N/A | 6.1 MEDIUM |
|
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php
|
|||||
| CVE-2024-41346 | 1 Jpatokal | 1 Openflights | 2026-01-26 | N/A | 5.4 MEDIUM |
|
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php
|
|||||
| CVE-2021-47769 | 1 Bdtask | 1 Isshue | 2026-01-26 | N/A | 4.8 MEDIUM |
|
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.
|
|||||
| CVE-2025-8460 | 1 Centreon | 1 Open Tickets | 2026-01-26 | N/A | 6.8 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
|
|||||
| CVE-2024-54123 | 1 Backdropcms | 1 Backdrop | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format.
|
|||||
| CVE-2025-12511 | 1 Centreon | 1 Dynamic Service Management | 2026-01-26 | N/A | 6.8 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extension configuration modules) allows Stored XSS to users with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8.
|
|||||
| CVE-2025-24752 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2026-01-26 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Reflected XSS. This issue affects Essential Addons for Elementor: from n/a through 6.0.14.
|
|||||
| CVE-2025-12746 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-57277 | | | 2026-01-26 | N/A | 5.7 MEDIUM |
|
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
|
|||||
| CVE-2024-41345 | 1 Jpatokal | 1 Openflights | 2026-01-26 | N/A | 5.4 MEDIUM |
|
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php
|
|||||
| CVE-2022-26573 | 1 Maccms | 1 Maccms | 2026-01-26 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters.
|
|||||
| CVE-2025-12513 | 1 Centreon | 1 Centreon Web | 2026-01-26 | N/A | 6.8 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
|
|||||
| CVE-2025-13056 | 1 Centreon | 1 Centreon Web | 2026-01-26 | N/A | 6.8 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
|
|||||
| CVE-2021-47839 | | | 2026-01-26 | N/A | 7.2 HIGH |
|
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.
|
|||||
| CVE-2021-47838 | | | 2026-01-26 | N/A | 7.2 HIGH |
|
Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system.
|
|||||
| CVE-2021-47844 | | | 2026-01-26 | N/A | 6.1 MEDIUM |
|
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that executes system commands when opened, enabling remote code execution through mouse interactions or file opening.
|
|||||
| CVE-2021-47835 | | | 2026-01-26 | N/A | 7.2 HIGH |
|
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution.
|
|||||
| CVE-2021-47840 | | | 2026-01-26 | N/A | 7.2 HIGH |
|
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that executes when opened, potentially enabling remote code execution on the victim's system.
|
|||||