Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2025-04-16 CVE-2025-2314 The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-04-15 CVE-2025-2083 The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliderId’ parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-15 CVE-2024-45712 SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability.
network
high complexity
CWE-79
2.6
2.6
2025-04-15 CVE-2025-2225 The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘rael_title_tag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-14 CVE-2022-43850 IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
5.4
5.4
2025-04-14 CVE-2025-3566 A vulnerability, which was classified as critical, has been found in veal98 ??? Echo ?????? 4.2.
network
low complexity
CWE-79
7.3
7.3
2025-04-13 CVE-2025-3423 IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
5.4
5.4
2025-04-12 CVE-2025-1455 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-12 CVE-2025-1456 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-12 CVE-2025-3276 The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Carousel block in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4