Search Results (47375 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-35509 1 Eyoucms 1 Eyoucms 2026-06-16 6.1 Medium
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.
CVE-2026-41556 2 Properfraction, Wordpress 2 Profilepress, Wordpress 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
CVE-2026-48838 2 Wordpress, Wpexperts 2 Wordpress, Post Smtp 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
CVE-2026-48880 2 Ahmad, Wordpress 2 Wp Job Portal, Wordpress 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
CVE-2026-48867 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
CVE-2026-48885 2 Groundhogg, Wordpress 2 Hollerbox, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
CVE-2026-48870 2 Kingaddons, Wordpress 2 King Addons For Elementor, Wordpress 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
CVE-2025-48700 2 Synacor, Zimbra 2 Zimbra Collaboration Suite, Zimbra 2026-06-16 6.1 Medium
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.
CVE-2026-40787 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
CVE-2026-40791 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVE-2026-42658 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2026-42688 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
CVE-2026-42775 2 Automatorwp, Wordpress 2 Automatorwp, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
CVE-2026-39463 2 Managewp, Wordpress 2 Managewp Worker, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
CVE-2026-12202 1 Intelliants 1 Subrion Cms 2026-06-16 2.4 Low
A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-49773 2 Foliovision, Wordpress 2 Fv Flowplayer Video Player, Wordpress 2026-06-16 6.5 Medium
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
CVE-2026-34902 2 Wcproducttable, Wordpress 2 Woocommerce Product Table Lite, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
CVE-2026-39514 2 Cozmoslabs, Wordpress 2 Paid Member Subscriptions, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
CVE-2026-42686 2026-06-16 7.1 High
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
CVE-2026-49055 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.