Export limit exceeded: 353348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46219 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45365 | 1 Urosevic | 1 Stock Ticker | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2. | ||||
| CVE-2022-45084 | 1 Loginizer | 1 Loginizer | 2026-04-28 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | ||||
| CVE-2022-44590 | 1 Simple Video Embedder Project | 1 Simple Video Embedder | 2026-04-28 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. | ||||
| CVE-2022-44629 | 1 Catalystconnect | 1 Catalyst Connect Zoho Crm Client Portal | 2026-04-28 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions. | ||||
| CVE-2022-44628 | 1 Jumpdemand | 1 4ecps Web Forms | 2026-04-28 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress. | ||||
| CVE-2022-43480 | 1 Magneticlab | 1 Homepage Pop-up | 2026-04-28 | 6.1 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | ||||
| CVE-2022-40193 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2026-04-28 | 6.1 Medium |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | ||||
| CVE-2022-38055 | 1 Gvectors | 1 Wpforo Forum | 2026-04-28 | 4.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9. | ||||
| CVE-2022-36383 | 1 Webhelpagency | 1 Wha Wordsearch | 2026-04-28 | 5.4 Medium |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress. | ||||
| CVE-2022-36355 | 1 Easy Org Chart Project | 1 Easy Org Chart | 2026-04-28 | 5.4 Medium |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. | ||||
| CVE-2022-36356 | 1 Culture Object Project | 1 Culture Object | 2026-04-28 | 4.8 Medium |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress. | ||||
| CVE-2022-33191 | 1 Testimonials Project | 1 Testimonials | 2026-04-28 | 4.1 Medium |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. | ||||
| CVE-2022-29420 | 1 Edmonsoft | 1 Countdown Builder | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. | ||||
| CVE-2022-25613 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2026-04-28 | 4.1 Medium |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | ||||
| CVE-2026-41472 | 2 Cyberpanel, Usmannasir | 2 Cyberpanel, Cyberpanel | 2026-04-28 | 6.1 Medium |
| CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unauthenticated attackers to inject malicious JavaScript by overwriting the findings_json field of ScanHistory records. Attackers can inject JavaScript that executes in an administrator's authenticated session when they visit the AI Scanner dashboard, allowing them to issue same-origin requests to plant cron jobs and achieve remote code execution on the server. | ||||
| CVE-2026-3007 | 1 Three Learning | 1 Koollab Learning Management System | 2026-04-28 | 5.4 Medium |
| Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature. | ||||
| CVE-2026-7281 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-04-28 | 2.4 Low |
| A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-4805 | 2 Duongancol, Wordpress | 2 Woostify, Wordpress | 2026-04-28 | 6.4 Medium |
| The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated directly into a jQuery HTML string without sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-38935 | 1 Diskoverdata | 1 Diskover | 2026-04-28 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter | ||||
| CVE-2026-38936 | 1 Diskoverdata | 1 Diskover | 2026-04-28 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter | ||||