Total
38071 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46824 | 2025-08-20 | 3.1 Low | ||
| The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin. | ||||
| CVE-2025-46198 | 1 Getgrav | 1 Grav | 2025-08-20 | 8.8 High |
| Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element | ||||
| CVE-2025-26064 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-08-20 | 7.3 High |
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device. | ||||
| CVE-2025-49400 | 2025-08-20 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 8.2. | ||||
| CVE-2025-33104 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-08-20 | 4.4 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-53205 | 2025-08-20 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Radio Player Shoutcast & Icecast allows Reflected XSS. This issue affects Radio Player Shoutcast & Icecast: from n/a through 4.4.7. | ||||
| CVE-2025-54880 | 2025-08-20 | N/A | ||
| Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerability is fixed in 11.10.0. | ||||
| CVE-2025-54881 | 2025-08-20 | N/A | ||
| Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. | ||||
| CVE-2025-33008 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-08-20 | 5.4 Medium |
| IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-9147 | 2025-08-20 | 3.5 Low | ||
| A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-48170 | 2025-08-20 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through 3.2.1. | ||||
| CVE-2025-48162 | 2025-08-20 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Business Directory Pro allows Reflected XSS. This issue affects Simple Business Directory Pro: from n/a through 15.5.1. | ||||
| CVE-2025-53562 | 2025-08-20 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through 3.2.1. | ||||
| CVE-2025-53564 | 2025-08-20 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon allows Reflected XSS. This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through 2.5. | ||||
| CVE-2025-53559 | 2025-08-20 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Universal Video Player - Addon for WPBakery Page Builder: from n/a through 3.2.1. | ||||
| CVE-2025-48163 | 2025-08-20 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support allows Reflected XSS. This issue affects SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support: from n/a through 3.5.4. | ||||
| CVE-2022-3896 | 1 Tipsandtricks-hq | 1 Wp Affiliate Platform | 2025-08-20 | 6.1 Medium |
| The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers. | ||||
| CVE-2014-1906 | 1 Videowhisper | 2 Live Streaming Integration Plugin, Videowhisper Live Streaming Integration | 2025-08-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/. | ||||
| CVE-2022-3897 | 1 Tipsandtricks-hq | 1 Wp Affiliate Platform | 2025-08-20 | 5.5 Medium |
| The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2013-5714 | 2 Videowhisper, Wordpress | 3 Live Streaming Integration Plugin, Videowhisper Live Streaming Integration, Wordpress | 2025-08-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information. | ||||