CVE-2025-62937

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through = 0.5.9...

CVE-2021-3619 Rapid7 Velociraptor Notebooks Authenticated Persistent XSS

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting XSS issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to...