VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-22
CVE-2025-46250
Cross-site Scripting vulnerability in Vikasratudi Lifetime Free Drag & Drop Contact Form Builder
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Stored XSS.
network
low complexity
vikasratudi
CWE-79
4.8
4.8
2025-04-22
CVE-2025-46253
Cross-site Scripting vulnerability in Wpmet Gutenkit
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS.
network
low complexity
wpmet
CWE-79
5.4
5.4
2025-04-22
CVE-2025-46254
Cross-site Scripting vulnerability in Visualcomposer Visual Composer Website Builder
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS.
network
low complexity
visualcomposer
CWE-79
5.4
5.4
2025-04-22
CVE-2025-2839
The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-22
CVE-2025-3814
The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-20
CVE-2025-43954
Cross-site Scripting vulnerability in Quasar Qmarkdown
QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.
network
low complexity
quasar
CWE-79
6.1
6.1
2025-04-19
CVE-2025-3661
The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-19
CVE-2025-3809
The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
2025-04-19
CVE-2025-1457
The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and including, 5.10.28 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-19
CVE-2025-3275
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
«
Previous
1
2
...
6
7
8
(current)
9
10
...
1923
1924
»
Next