6239 matches found
CVE-2025-47705
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS). This issue affects IFrame Remove Filter: from 2.0.0 before 2.0.5, from 7.X-1.0 through 7.X-1.5, from 1.0 through 1.2...
CVE-2025-46749
An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...
CVE-2025-4551
A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
Cross-site Scripting (XSS)
org.graylog2:graylog2-server is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization due to improper handling of uploaded files that allows execution of arbitrary JavaScript in the frontend when accessed via the API browser...
CVE-2025-22249 VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...
WordPress Firelight Lightbox plugin < 2.3.15 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Firelight Lightbox versions < 2.3.15...
CVE-2025-4512 Inetum IODAS app.jsp cross site scripting
A vulnerability classified as problematic has been found in Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7. Affected is an unknown function of the file /astre/iodasweb/app.jsp. The manipulation of the argument action leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2025-47617
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Stored XSS. This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6...
CVE-2025-29152
Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing, Education Registration, Hierarchical Level Registration...
WordPress BMI Adult & Kid Calculator plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by stealthcopter in WordPress Plugin BMI Adult & Kid Calculator versions <= 1.2.2...
Koillection Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components...
WordPress N360 | Splash Screen plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin N360 | Splash Screen versions <= 1.0.6...
CVE-2025-47679
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase rs-wp-books-showcase allows DOM-Based XSS. This issue affects RS WP Book Showcase: from n/a through <= 6.7.59...
CVE-2025-47592
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Árpád Lehel Mátyus Terms Popup On User Login terms-popup-on-user-login allows Stored XSS. This issue affects Terms Popup On User Login: from n/a through <= 2.0.8...
CVE-2025-47502
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick van Wobbie Mollie Forms mollie-forms allows Stored XSS. This issue affects Mollie Forms: from n/a through <= 2.7.12...
CVE-2025-47489
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markkinchin Beds24 Online Booking beds24-online-booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through <= 2.0.29...
CVE-2025-47668
CVE-2025-47668 affects WordPress plugin CookieCode (versions n/a through 2.4.4). The issue is Stored XSS caused by improper input neutralization during web page generation. CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L, base score 5.9 (Medium). Public references (Patchstack, NVD, Red Hat, ...
CVE-2025-47522 WordPress AWEOS WP Lock plugin <= 1.4.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AWEOS GmbH AWEOS WP Lock aweos-wp-lock allows Stored XSS. This issue affects AWEOS WP Lock: from n/a through <= 1.4.8...
CVE-2025-47501
CVE-2025-47501 : DOM-based XSS in WordPress plugin Content Control (