Export limit exceeded: 351183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45967 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45967 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22295 | 2026-04-29 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto allows Stored XSS.This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through <= 8.0.6. | ||||
| CVE-2024-49316 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zodiac Akismet htaccess writer akismet-htaccess-writer allows Reflected XSS.This issue affects Akismet htaccess writer: from n/a through <= 1.0.1. | ||||
| CVE-2024-49248 | 2026-04-29 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter ad-inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through <= 2.7.37. | ||||
| CVE-2024-49239 | 1 Nikhilvaghela | 1 Add Categories Post Footer | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nikhilvaghela Add Categories Post Footer add-categories-post-footer allows Reflected XSS.This issue affects Add Categories Post Footer: from n/a through <= 2.2.2. | ||||
| CVE-2024-49238 | 1 Dh9sb.dx-info | 1 Adif Log Search Widget | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emka73 ADIF Log Search Widget adif-log-search-widget allows Reflected XSS.This issue affects ADIF Log Search Widget: from n/a through <= 1.0f. | ||||
| CVE-2024-49240 | 1 Agustinberasategui | 1 Ab Categories Search Widget | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ajberasategui AB Categories Search Widget ab-categories-search-widget allows Reflected XSS.This issue affects AB Categories Search Widget : from n/a through <= 0.2.5. | ||||
| CVE-2024-49230 | 1 Harpreetsingh | 1 Ajax Custom Css\/js | 2026-04-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harry005 Ajax Custom CSS/JS ajax-awesome-css allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through <= 2.0.4. | ||||
| CVE-2024-49224 | 1 Maheshpatel | 1 Mitm Bug Tracker | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mahesh_9696 Mitm Bug Tracker mitm-bug-tracker allows Reflected XSS.This issue affects Mitm Bug Tracker: from n/a through <= 1.0. | ||||
| CVE-2023-49158 | 2026-04-29 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.This issue affects LadiApp: from n/a through <= 4.4. | ||||
| CVE-2023-47759 | 1 Premio | 1 Chaty | 2026-04-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Chaty chaty allows DOM-Based XSS.This issue affects Chaty: from n/a through <= 3.1.2. | ||||
| CVE-2023-47190 | 1 Apollo13themes | 1 Apollo13 Framework Extensions | 2026-04-29 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions. | ||||
| CVE-2023-47185 | 1 Gvectors | 1 Wpdiscuz | 2026-04-29 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions. | ||||
| CVE-2023-46626 | 1 Flowfact | 1 Flowfact | 2026-04-29 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions. | ||||
| CVE-2023-46640 | 1 Drelton | 1 Medialist | 2026-04-29 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions. | ||||
| CVE-2023-46783 | 1 Brightplugins | 1 Pre-orders For Woocommerce | 2026-04-29 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions. | ||||
| CVE-2023-36688 | 1 Idoweb | 1 Simple Site Verify | 2026-04-29 | 4.3 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <= 1.0.7 versions. | ||||
| CVE-2026-38948 | 1 Daylightstudio | 1 Fuel Cms | 2026-04-29 | 5.4 Medium |
| Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code. | ||||
| CVE-2026-5306 | 2 Checkmail, Wordpress | 2 Check And Log Email, Wordpress | 2026-04-29 | 5.4 Medium |
| The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled | ||||
| CVE-2026-29971 | 1 Webfilesys | 1 Webfilesys | 2026-04-28 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBackup functionality, authentication input handling, search functionality, and error message rendering components | ||||
| CVE-2026-7297 | 1 Sourcecodester | 1 Pizzafy Ecommerce System | 2026-04-28 | 2.4 Low |
| A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||