Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47714 | 1 Ibm | 1 Sterling File Gateway | 2025-03-07 | N/A | 4.8 MEDIUM |
|
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531.
|
|||||
| CVE-2023-50307 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | N/A | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338.
|
|||||
| CVE-2024-34794 | 1 Tainacan | 1 Tainacan | 2025-03-07 | N/A | 7.1 HIGH |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS. This issue affects Tainacan: from n/a through 0.21.3.
|
|||||
| CVE-2024-34795 | 1 Tainacan | 1 Tainacan | 2025-03-07 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Stored XSS. This issue affects Tainacan: from n/a through 0.21.3.
|
|||||
| CVE-2023-45186 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | N/A | 4.8 MEDIUM |
|
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691.
|
|||||
| CVE-2024-22357 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | N/A | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894.
|
|||||
| CVE-2024-4567 | 1 Themify | 1 Themify Shortcodes | 2025-03-07 | N/A | 6.4 MEDIUM |
|
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2025-0475 | 1 Gitlab | 1 Gitlab | 2025-03-07 | N/A | 8.7 HIGH |
|
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.
|
|||||
| CVE-2025-0863 | | | 2025-03-07 | N/A | 6.4 MEDIUM |
|
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idx_frame' shortcode in all versions up to, and including, 3.14.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-12809 | | | 2025-03-07 | N/A | 6.4 MEDIUM |
|
The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-54133 | | | 2025-03-07 | N/A | N/A |
|
Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass ...
|
|||||
| CVE-2024-49310 | 1 Themesflat | 1 Themesflat Addons For Elementor | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.2.0.
|
|||||
| CVE-2022-44875 | 1 Kioware | 1 Kioware | 2025-03-06 | N/A | 5.4 MEDIUM |
|
KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.
|
|||||
| CVE-2025-1505 | 1 Berocket | 1 Advanced Ajax Product Filters | 2025-03-06 | N/A | 6.1 MEDIUM |
|
The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-53796 | 1 Themesflat | 1 Themesflat Addons For Elementor | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2.
|
|||||
| CVE-2024-54253 | 1 Wpxpro | 1 Xpro Addons For Elementor | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.6.1.
|
|||||
| CVE-2025-24729 | 1 Elementinvader | 1 Elementinvader Addons For Elementor | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3.
|
|||||
| CVE-2025-24578 | 1 Elementinvader | 1 Elementinvader Addons For Elementor | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.0.
|
|||||
| CVE-2024-1606 | 1 Bmc | 1 Control-m | 2025-03-06 | N/A | 4.6 MEDIUM |
|
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to manipulate generated web pages via injection of HTML code. This might lead to a successful phishing attack, for example by tricking users into using a hyperlink pointing to a website controlled by an attacker.
The fix for the 9.0.20 branch was released in version 9.0.20.238. The fix for the 9.0.21 branch was released in version 9.0.21.200.
|
|||||
| CVE-2024-12205 | 1 Themesflat | 1 Themesflat Addons For Elementor | 2025-03-06 | N/A | 6.4 MEDIUM |
|
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2021-20553 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-06 | N/A | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-12820 | 1 Webtamarin | 1 Mk Google Directions | 2025-03-06 | N/A | 6.4 MEDIUM |
|
The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-9888 | 1 Elementinvader | 1 Elementinvader Addons For Elementor | 2025-03-06 | N/A | 5.4 MEDIUM |
|
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2023-26954 | 1 Onekeyadmin Project | 1 Onekeyadmin | 2025-03-06 | N/A | 5.4 MEDIUM |
|
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module.
|
|||||
| CVE-2025-1405 | 1 Implecode | 1 Product Catalog Simple | 2025-03-06 | N/A | 6.4 MEDIUM |
|
The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2025-1513 | 1 Contest-gallery | 1 Contest Gallery | 2025-03-06 | N/A | 7.2 HIGH |
|
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when commenting on photo gallery entries in all versions up to, and including, 26.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execu ...
|
|||||
| CVE-2025-1511 | 1 Wpeverest | 1 User Registration | 2025-03-06 | N/A | 6.1 MEDIUM |
|
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
|
|||||
| CVE-2024-13469 | 1 Pickplugins | 1 Pricing Table | 2025-03-06 | N/A | 6.4 MEDIUM |
|
The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-13851 | 1 Internet-formation | 1 Modal Portfolio | 2025-03-06 | N/A | 5.5 MEDIUM |
|
The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
|
|||||
| CVE-2024-9019 | 1 Secupress | 1 Secupress | 2025-03-06 | N/A | 6.4 MEDIUM |
|
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2022-42248 | 1 Qlik | 1 Qlikview | 2025-03-06 | N/A | 5.4 MEDIUM |
|
QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.
|
|||||
| CVE-2024-54224 | 1 Quomodosoft | 1 Elementsready | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7.
|
|||||
| CVE-2024-51787 | 1 Quomodosoft | 1 Elementsready | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.3.
|
|||||
| CVE-2024-34374 | 1 Quomodosoft | 1 Elementsready | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0.
|
|||||
| CVE-2024-47329 | 1 Quomodosoft | 1 Elementsready | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0.
|
|||||
| CVE-2024-37253 | 1 Wpdirectorykit | 1 Wp Directory Kit | 2025-03-06 | N/A | 2.7 LOW |
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection. This issue affects WP Directory Kit: from n/a through 1.3.6.
|
|||||
| CVE-2024-34432 | 1 Kitforest | 1 Better Elementor Addons | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS. This issue affects Better Elementor Addons: from n/a through 1.4.4.
|
|||||
| CVE-2024-55541 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-03-06 | N/A | 6.1 MEDIUM |
|
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
|
|||||
| CVE-2024-32593 | 1 Wpbits | 1 Wpbits Addons For Elementor Page Builder | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS. This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.3.4.2.
|
|||||
| CVE-2024-32557 | 1 Exclusiveaddons | 1 Exclusive Addons For Elementor | 2025-03-06 | N/A | 6.5 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2.
|
|||||