CVE-2025-22802

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail yeemail allows Stored XSS.This issue affects Email Templates Customizer for WordPress – Drag A...

CVE-2025-22613

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the informacaoadicional.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...

CVE-2025-0537

A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cross site scripting. The attack may be...

CVE-2025-22724

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MojofyWP Product Carousel For WooCommerce – WoorouSell allows Stored XSS.This issue affects Product Carousel For WooCommerce – WoorouSell: from n/a through 1.1.0...

CVE-2025-24585

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Event post event-post allows Stored XSS.This issue affects Event post: from n/a through = 5.9.7...

CVE-2025-21603

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL...

CVE-2024-43009

A reflected cross-site scripting XSS vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTPREFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user...

CVE-2024-48706

Collabtive 3.1 is vulnerable to Cross-site scripting XSS via the title parameter with action=add or action=editform within the a managemessage.php file and b managetask.php file respectively...

CVE-2024-9300

A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. This vulnerability affects unknown code of the file contactus.php of the component Message Us Form. The manipulation of the argument fullname/email/message leads to cross site scripting. T...

CVE-2024-9169

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2024-45456

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JoomUnited WP Meta SEO wp-meta-seo allows Stored XSS.This issue affects WP Meta SEO: from n/a through = 4.5.13...

CVE-2024-5212

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envatocode’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxregisterforumuser function. This makes it possible for...

CVE-2024-43284

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through 3.5.1...

CVE-2024-43262

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in webriti Busiprof allows Stored XSS.This issue affects Busiprof: from n/a through 2.4.8...

CVE-2024-40473

A Stored Cross Site Scripting XSS vulnerability was found in "managehouses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "Houseno" and "Description" parameter fields...

CVE-2024-41380

microweber 2.0.16 was discovered to contain a Cross Site Scripting XSS vulnerability via userfiles\modules\tags\addtaggingtagged.php...

CVE-2024-6498

The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-32332

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting XSS vulnerability in WDS Settings under the Wireless Page...

CVE-2024-32540

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Web357 Fixed HTML Toolbar allows Stored XSS.This issue affects Fixed HTML Toolbar: from n/a through 1.0.7...

CVE-2024-32539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JoomUnited WP File Download Light allows Stored XSS.This issue affects WP File Download Light: from n/a through 1.3.3...