Lucene search
K

158 matches found

Vulnrichment
Vulnrichment
added 2025/04/17 3:47 p.m.3 views

CVE-2025-32564 WordPress Stop Registration Spam Plugin <= 1.24 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tomroyal Stop Registration Spam stop-registration-spam allows Reflected XSS.This issue affects Stop Registration Spam: from n/a through = 1.24...

7.1CVSS8.6AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.3 views

PT-2025-17156 · Unknown · Gb Gallery Slideshow

Name of the Vulnerable Software and Affected Versions: GB Gallery Slideshow versions 1.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables potential attackers t...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/16 12:44 p.m.8 views

CVE-2025-39582 WordPress WP Data Access plugin <= 5.5.36 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Passionate Programmer Peter WP Data Access wp-data-access allows DOM-Based XSS.This issue affects WP Data Access: from n/a through = 5.5.36...

6.5CVSS7.2AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/11 12:0 a.m.3 views

WordPress plugin Mobile Smart 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

7.1CVSS6.8AI score0.00374EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/10 8:13 p.m.13 views

CVE-2025-32211

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: from n/a through = 1.52.1...

6.5CVSS7.2AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/05 2:23 p.m.6 views

CVE-2025-31467

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in miro.mannino Flickr Photostream flickr-photostream allows Reflected XSS.This issue affects Flickr Photostream: from n/a through = 3.1.8...

7.1CVSS7.2AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 2025/04/04 1:20 p.m.65 views

CVE-2025-31418

CVE-2025-31418 corresponds to a reflected XSS in the Gravel WordPress theme. Public material confirms Gravel versions up to 1.6 are affected. The CVSSv3.1 score in the provided data is 7.1 (High) with Network attack, user interaction required, and changes in confidentiality/integrity/availability...

7.1CVSS7.4AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 12:31 a.m.8 views

GHSA-HPHM-3X7F-G875 Drupal Obfuscate Vulnerable to Stored Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Obfuscate allows Stored XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.1...

5.4CVSS6.9AI score0.00217EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.7 views

PT-2025-14727 · Adobe · Advanced Typekit

Name of the Vulnerable Software and Affected Versions: Advanced Typekit versions 1.0.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

6.5CVSS6.7AI score0.00235EPSS
Exploits0References3
OSV
OSV
added 2025/04/02 4:17 p.m.2 views

CVE-2025-0154

IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers...

7.5CVSS5.8AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2025/04/01 8:58 p.m.45 views

CVE-2025-31441

CVE-2025-31441 describes a Reflected XSS in the WordPress Galleria plugin (wp-galleria). Public description states affected product: WordPress Galleria (wp-galleria), with vulnerable versions listed as from n/a through

7.1CVSS7.2AI score0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/01 8:58 p.m.13 views

CVE-2025-30778 WordPress VForm plugin <= 3.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through = 3.1.9...

7.1CVSS0.00363EPSS
Exploits0References1
CVE
CVE
added 2025/04/01 2:51 p.m.43 views

CVE-2025-31806

CVE-2025-31806 affects Webling (WordPress plugin Webling). It is a Stored XSS due to improper neutralization of input during web page generation, impacting Webling versions up to 3.9.0. Exploitation requires authentication (Administrator). Wordfence notes the vulnerability and indicates a patch i...

5.9CVSS7.2AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2025/04/01 12:30 a.m.6 views

GHSA-M4WJ-HHWJ-47QP Drupal Core Cross-Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS.This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5...

5.4CVSS6.6AI score0.00456EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.4 views

WordPress plugin Kento WordPress Stats 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7.9AI score0.00293EPSS
Exploits0References2
NVD
NVD
added 2025/03/27 11:15 a.m.16 views

CVE-2025-30873

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS.This issue affects Greenshift: from n/a through = 11.0.2...

6.5CVSS0.00337EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:16 p.m.16 views

CVE-2025-28924

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simbul ZenphotoPress zenphotopress allows Reflected XSS.This issue affects ZenphotoPress: from n/a through = 1.8...

7.1CVSS0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/05 3:24 p.m.4 views

CVE-2025-25132

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ravi Singh Visitor Details visitors-details allows Stored XSS.This issue affects Visitor Details: from n/a through = 1.0.1...

7.1CVSS7.2AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 1:30 p.m.12 views

CVE-2025-23587 WordPress all-in-one-box-login plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashek Al Mahmud all-in-one-box-login all-in-one-login allows Reflected XSS.This issue affects all-in-one-box-login: from n/a through = 2.0.1...

7.1CVSS0.00342EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 1:30 p.m.50 views

CVE-2025-23518

CVE-2025-23518 is a reflected XSS in the WordPress GoogleMapper plugin (versions up to and including 2.0.3). The vulnerability arises from improper neutralization of input during web page generation, enabling script injection. Affected software is the GoogleMapper plugin for WordPress; no exploit...

7.1CVSS5.9AI score0.0026EPSS
Exploits0References1
Rows per page
Query Builder