Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2025-05-30 CVE-2025-48487 Cross-site Scripting vulnerability in Freescout
FreeScout is a free self-hosted help desk and shared mailbox.
network
low complexity
freescout CWE-79
4.8
4.8
2025-05-30 CVE-2025-48488 Cross-site Scripting vulnerability in Freescout
FreeScout is a free self-hosted help desk and shared mailbox.
network
low complexity
freescout CWE-79
5.4
5.4
2025-05-30 CVE-2025-48489 Cross-site Scripting vulnerability in Freescout
FreeScout is a free self-hosted help desk and shared mailbox.
network
low complexity
freescout CWE-79
4.8
4.8
2025-05-30 CVE-2025-48875 Cross-site Scripting vulnerability in Freescout
FreeScout is a free self-hosted help desk and shared mailbox.
network
low complexity
freescout CWE-79
5.4
5.4
2025-05-30 CVE-2025-4943 Cross-site Scripting vulnerability in La-Studioweb Element KIT for Elementor
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping.
network
low complexity
la-studioweb CWE-79
5.4
5.4
2025-05-30 CVE-2025-5259 The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-30 CVE-2025-48483 Cross-site Scripting vulnerability in Freescout
FreeScout is a free self-hosted help desk and shared mailbox.
network
low complexity
freescout CWE-79
5.4
5.4
2025-05-30 CVE-2025-48484 Cross-site Scripting vulnerability in Freescout
FreeScout is a free self-hosted help desk and shared mailbox.
network
low complexity
freescout CWE-79
5.4
5.4
2025-05-29 CVE-2025-4670 The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-05-29 CVE-2025-5122 The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4