VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-22
CVE-2025-33138
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Aspera Faspex
IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection.
network
low complexity
ibm
CWE-80
6.1
6.1
2025-05-21
CVE-2025-20267
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
CWE-80
4.8
4.8
2025-05-16
CVE-2024-51475
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection.
network
low complexity
CWE-80
5.4
5.4
2025-05-15
CVE-2025-4126
The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [series] shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcode_title function.
network
low complexity
CWE-80
6.4
6.4
2025-05-03
CVE-2025-4168
The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-80
6.4
6.4
2025-05-01
CVE-2025-3521
The Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social Link icons in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.4
6.4
2025-03-31
CVE-2025-30161
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Open-Emr Openemr
OpenEMR is a free and open source electronic health records and medical practice management application.
network
low complexity
open-emr
CWE-80
5.4
5.4
2025-03-27
CVE-2025-1997
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
network
low complexity
CWE-80
5.4
5.4
2025-03-15
CVE-2024-13497
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tripetto
The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping.
network
low complexity
tripetto
CWE-80
6.1
6.1
2025-02-20
CVE-2024-49337
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in IBM Openpages With Watson 9.0
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications.
network
low complexity
ibm
CWE-80
5.4
5.4
«
1
(current)
2
3
»
Next