Lucene search
K

136 matches found

CVE
CVE
added 2025/09/23 6:47 p.m.189 views

CVE-2025-58674

CVE-2025-58674 corresponds to a Stored XSS in WordPress core. Affected are WordPress versions from 4.7 through 6.8.2 and many 5.x/6.x branches listed in the entry; exploitation requires an attacker with Author or higher privileges and some user interaction. The issue is rated medium (CVSSv3.1: AV...

5.9CVSS5.4AI score0.00203EPSS
Exploits0References2
NVD
NVD
added 2025/09/23 4:15 p.m.45 views

CVE-2025-57407

A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

5.4CVSS0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/22 6:24 p.m.3 views

CVE-2025-57956 WordPress WooMS Plugin <= 9.12 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12...

5.9CVSS5.6AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:24 p.m.10 views

CVE-2025-57993 WordPress Geolocation IP Detection plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benjamin Pick Geolocation IP Detection geoip-detect allows Stored XSS.This issue affects Geolocation IP Detection: from n/a through = 5.5.0...

6.5CVSS0.0019EPSS
Exploits0References1
OSV
OSV
added 2025/09/09 9:30 p.m.6 views

GHSA-88G3-PV3W-5WMR Liferay Portal is vulnerable to XSS attacks via its remote app title field

A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remot...

4.6CVSS5.3AI score0.002EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/06 1:47 a.m.2 views

CVE-2025-6067 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-caption and data-linktext parameters in all versions up to, and including, 6.6.7 due to insufficient input sanitization and output escaping. This make...

6.4CVSS4.7AI score0.00216EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/05 1:45 p.m.1 views

CVE-2025-58793 WordPress WPB Elementor Addons plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBean WPB Elementor Addons wpb-elementor-addons allows Stored XSS.This issue affects WPB Elementor Addons: from n/a through = 1.7...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2025/08/20 5:15 p.m.5 views

CVE-2025-46962

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.7AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/18 4:2 p.m.4 views

CVE-2025-54117 NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting XSS vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed ...

9CVSS5.7AI score0.00351EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.6 views

WordPress plugin Responsive Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.5CVSS6.1AI score0.00159EPSS
Exploits0References3
OSV
OSV
added 2025/06/10 11:15 p.m.7 views

CVE-2025-47052

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.7AI score0.00305EPSS
Exploits0References1
OSV
OSV
added 2025/06/10 11:15 p.m.5 views

CVE-2025-46879

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.7AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:59 a.m.8 views

CVE-2024-1535

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.15.2 due to insufficient input sanitizati...

6.4CVSS5.2AI score0.00573EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.6 views

CVE-2024-4668

The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:53 a.m.7 views

CVE-2023-4283

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpresscalendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS6.1AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.6 views

CVE-2023-7251

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...

6.5CVSS5.2AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.4 views

WordPress plugin Cost Calculator Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS5.5AI score0.00183EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-4131

The GmapsMania plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gmap shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/24 4:8 p.m.4 views

CVE-2025-46508 WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS.This issue affects Advanced lazy load: from n/a through = 1.6.0...

7.1CVSS8.6AI score0.00127EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.5 views

PT-2025-15730 · Unknown · Comment Validation Reloaded

Name of the Vulnerable Software and Affected Versions: Comment Validation Reloaded versions 0.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

7.1CVSS7.5AI score0.00197EPSS
Exploits0References5
Rows per page
Query Builder