VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-31
CVE-2025-5285
The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-31
CVE-2025-5292
The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content’ parameter in all versions up to, and including, 5.11.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-31
CVE-2025-5016
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium) due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.7
4.7
2025-05-30
CVE-2025-4944
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-05-30
CVE-2025-5235
The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.4
5.4
2025-05-30
CVE-2025-5236
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.4
5.4
2025-05-30
CVE-2025-41406
Cross-site Scripting vulnerability in Uchida Wivia 5 Firmware
Cross-site scripting vulnerability exists in wivia 5 all versions.
network
low complexity
uchida
CWE-79
6.1
6.1
2025-05-30
CVE-2025-48485
FreeScout is a free self-hosted help desk and shared mailbox.
network
low complexity
CWE-79
5.4
5.4
2025-05-30
CVE-2025-48486
FreeScout is a free self-hosted help desk and shared mailbox.
network
low complexity
CWE-79
5.4
5.4
2025-05-30
CVE-2025-48487
FreeScout is a free self-hosted help desk and shared mailbox.
network
low complexity
CWE-79
4.8
4.8
«
Previous
1
2
3
(current)
4
5
...
1945
1946
»
Next