Search Results (47294 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45254 1 Vaemendis 1 Vaemendis Ubooquity 2026-04-15 7.5 High
VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-64766 2 Nixos, Onlyoffice 2 Nixos, Onlyoffice 2026-04-15 5.3 Medium
NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protect its file cache. An attacker with knowledge of an existing revision ID could use this secret to obtain a document. In practice, an arbitrary revision ID should be hard to obtain. The primary impact is likely the access to known documents from users with expired access. This issue was resolved in NixOS unstable version 25.11 and version 25.05.
CVE-2024-5279 2026-04-15 3.5 Low
A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component File Rename Handler. The manipulation with the input <img src="" onerror="alert(document.cookie)"> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266083.
CVE-2025-48095 2 Ays-pro, Wordpress 2 Survey Maker, Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8.
CVE-2025-49908 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a through <= 3.1.4.
CVE-2025-49911 3 Woocommerce, Wordpress, Wpinstinct 3 Woocommerce, Wordpress, Woo Commerce Vehicle Parts Finder 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7.
CVE-2025-49929 2 Ultimateblocks, Wordpress 2 Ultimateblocks, Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows Stored XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.6.
CVE-2025-49946 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy Auto Login After Registration auto-login-after-registration allows Reflected XSS.This issue affects Auto Login After Registration: from n/a through <= 1.0.0.
CVE-2025-49954 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through <= 0.7.3.
CVE-2025-49960 2 Leadbi, Wordpress 2 Leadbi Plugin, Wordpress 2026-04-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leadbi LeadBI Plugin for WordPress leadbi allows Stored XSS.This issue affects LeadBI Plugin for WordPress: from n/a through <= 1.7.
CVE-2025-49992 2 Thimpress, Wordpress 2 Learnpress Export Import, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through <= 4.0.9.
CVE-2025-50869 2026-04-15 6.1 Medium
A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code.
CVE-2025-52736 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through <= 2.20.0.
CVE-2025-52755 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor Child Themes child-themes allows Reflected XSS.This issue affects Child Themes: from n/a through <= 1.0.1.
CVE-2025-52763 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NickDuncan Nifty Backups nifty-backups allows Reflected XSS.This issue affects Nifty Backups: from n/a through <= 1.08.
CVE-2025-52770 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Hello Followers hellofollowers allows Reflected XSS.This issue affects Hello Followers: from n/a through <= 2.5.
CVE-2025-53229 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav RockON DJ rockon allows Reflected XSS.This issue affects RockON DJ: from n/a through <= 3.3.
CVE-2025-53350 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webjunk Calendar Plus calendar-plus allows Reflected XSS.This issue affects Calendar Plus: from n/a through <= 1.2.4.
CVE-2025-53422 3 Themewarriors, Woocommerce, Wordpress 3 Whatsapp Chat, Woocommerce, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeWarriors WhatsApp Chat for WordPress and WooCommerce tw-whatsapp-chat-rotator allows Reflected XSS.This issue affects WhatsApp Chat for WordPress and WooCommerce: from n/a through <= 1.2.1.
CVE-2025-9910 1 Jsondiffpatch Project 1 Jsondiffpatch 2026-04-15 4.7 Medium
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer using the built-in html formatter on a private website.