Total
41413 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14448 | 2 Cbutlerjr, Wordpress | 2 Wp-members Membership Plugin, Wordpress | 2026-01-23 | 5.4 Medium |
| The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-14745 | 2 Rebelcode, Wordpress | 2 Rss Aggregator, Wordpress | 2026-01-23 | 6.4 Medium |
| The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-22913 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 4.3 Medium |
| Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data. | ||||
| CVE-2026-24623 | 2026-01-23 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0. | ||||
| CVE-2026-24620 | 2026-01-23 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.3. | ||||
| CVE-2026-24584 | 2026-01-23 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0. | ||||
| CVE-2026-24528 | 2026-01-23 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9. | ||||
| CVE-2026-24526 | 2026-01-23 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through <= 3.4.3. | ||||
| CVE-2025-63644 | 2 Ph7builder, Ph7software | 2 Ph7 Social Dating Builder, Ph7-social-dating-cms | 2026-01-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field. | ||||
| CVE-2025-2204 | 2026-01-23 | 4.7 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14556 | 2 Drupal, Flag Module Project | 2 Flag, Flag | 2026-01-23 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9. | ||||
| CVE-2025-14557 | 2 Drupal, Facebook Pixel Project | 2 Facebook Pixel, Facebook Pixel | 2026-01-23 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1. | ||||
| CVE-2021-24713 | 1 Cminds | 2 Video Lessons Manager, Video Lessons Manager Pro | 2026-01-23 | 4.8 Medium |
| The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks | ||||
| CVE-2026-0533 | 1 Autodesk | 1 Fusion | 2026-01-23 | 7.1 High |
| A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0534 | 1 Autodesk | 1 Fusion | 2026-01-23 | 7.1 High |
| A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0535 | 1 Autodesk | 1 Fusion | 2026-01-23 | 7.1 High |
| A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. | ||||
| CVE-2023-31228 | 1 Cminds | 1 Cm Search And Replace | 2026-01-23 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | ||||
| CVE-2023-53890 | 2 Grabaperch, Perch | 2 Perch, Perch Cms | 2026-01-23 | 5.4 Medium |
| Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks. | ||||
| CVE-2024-24115 | 1 Cotonti | 1 Cotonti Siena | 2026-01-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2025-57883 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2026-01-23 | N/A |
| Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user. | ||||