Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-39558 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7.
CVE-2025-27314 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kush Sharma Kush Micro News allows Stored XSS. This issue affects Kush Micro News: from n/a through 1.6.7.
CVE-2025-32651 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in serpednet SERPed.net allows Reflected XSS. This issue affects SERPed.net: from n/a through 4.6.
CVE-2025-27322 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bappa Mal QR Code for WooCommerce allows Reflected XSS. This issue affects QR Code for WooCommerce: from n/a through 1.2.0.
CVE-2025-32511 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Excellent Dynamics Make Email Customizer for WooCommerce allows Reflected XSS. This issue affects Make Email Customizer for WooCommerce: from n/a through 1.0.5.
CVE-2025-32649 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gb-plugins GB Gallery Slideshow allows Reflected XSS. This issue affects GB Gallery Slideshow: from n/a through 1.3.
CVE-2025-32521 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolHappy Cool Flipbox – Shortcode & Gutenberg Block allows Reflected XSS. This issue affects Cool Flipbox – Shortcode & Gutenberg Block: from n/a through 1.8.3.
CVE-2025-32674 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce allows Reflected XSS. This issue affects Product Excel Import Export & Bulk Edit for WooCommerce: from n/a through 4.7.
CVE-2025-32562 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Easy Poll allows Reflected XSS. This issue affects WP Easy Poll: from n/a through 2.2.9.
CVE-2025-32533 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Reflected XSS. This issue affects Deliver via Shipos for WooCommerce: from n/a through 2.1.7.
CVE-2025-32507 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aakif Kadiwala Event Espresso – Custom Email Template Shortcode allows Reflected XSS. This issue affects Event Espresso – Custom Email Template Shortcode: from n/a through 1.0.0.
CVE-2025-32540 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications allows Reflected XSS. This issue affects Feedify – Web Push Notifications: from n/a through 2.4.5.
CVE-2025-32504 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silvasoft Silvasoft boekhouden allows Reflected XSS. This issue affects Silvasoft boekhouden: from n/a through 3.0.5.
CVE-2025-31006 2025-04-17 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arete-it Activity Reactions For Buddypress allows Reflected XSS. This issue affects Activity Reactions For Buddypress: from n/a through 1.0.22.
CVE-2023-7160 1 Janobe 1 Engineers Online Portal 2025-04-17 2.4 Low
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input <script>alert(0)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability.
CVE-2023-51372 1 Hasthemes 1 Hashbar 2025-04-17 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1.
CVE-2021-35252 1 Solarwinds 1 Serv-u 2025-04-17 7.5 High
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
CVE-2023-52265 1 Idurarapp 1 Idurar 2025-04-17 5.4 Medium
IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.
CVE-2023-50630 1 Teamwork Management System Project 1 Teamwork Management System 2025-04-17 6.1 Medium
Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function.
CVE-2020-14502 1 Rockwellautomation 4 1734-aentr Point I\/o Dual Port Network Adaptor Series B, 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I\/o Dual Port Network Adaptor Series C and 1 more 2025-04-17 6.1 Medium
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.