Search Results (45987 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6481 | 2 Codeamp, Search And Filter Pro Wordpress | 2 Search & Filter, Search And Filter Pro Wordpress | 2025-05-28 | 4.8 Medium |
| The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-44855 | 1 Cobham | 4 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware, Sailor 800 Vsat and 1 more | 2025-05-28 | 6.5 Medium |
| Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file. | ||||
| CVE-2024-1752 | 1 Persian-vc | 1 Font Farsi | 2025-05-28 | 6.1 Medium |
| The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-25807 | 1 Lycheeorg | 1 Lychee | 2025-05-28 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. | ||||
| CVE-2024-26557 | 1 Codiad | 1 Codiad | 2025-05-28 | 5.4 Medium |
| Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. | ||||
| CVE-2024-29271 | 2 Givanz, Vvveb | 2 Vvvebjs, Vvvebjs | 2025-05-28 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. | ||||
| CVE-2024-48417 | 1 Edimax | 2 Br-6476ac, Br-6476ac Firmware | 2025-05-28 | 5.2 Medium |
| Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter. | ||||
| CVE-2025-2162 | 1 Mappresspro | 1 Mappress | 2025-05-28 | 4.8 Medium |
| The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-0961 | 1 Anisha | 1 Job Recruitment | 2025-05-28 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name/company_website_url leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0348 | 1 Campcodes | 1 Deped Equipment Inventory System | 2025-05-28 | 3.5 Low |
| A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /data/add_employee.php. The manipulation of the argument data leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-49493 | 1 Dedecms | 1 Dedecms | 2025-05-28 | 6.1 Medium |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | ||||
| CVE-2022-41225 | 1 Jenkins | 1 Anchore Container Image Scanner | 2025-05-28 | 5.4 Medium |
| Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. | ||||
| CVE-2022-41224 | 1 Jenkins | 1 Jenkins | 2025-05-28 | 5.4 Medium |
| Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | ||||
| CVE-2025-3513 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | 3.5 Low |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-3514 | 1 Brainstormforce | 1 Sureforms | 2025-05-28 | 3.5 Low |
| The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12679 | 1 Prisna | 1 Google Website Translator | 2025-05-28 | 4.8 Medium |
| The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12680 | 1 Prisna | 1 Google Website Translator | 2025-05-28 | 4.8 Medium |
| The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13482 | 1 Icegram | 1 Icegram Engage | 2025-05-28 | 4.8 Medium |
| The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13486 | 1 Icegram | 1 Icegram Engage | 2025-05-28 | 4.8 Medium |
| The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-8703 | 1 Urbanbase | 1 Z-downloads | 2025-05-28 | 6.1 Medium |
| The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs. | ||||