11 matches found
CVE-2026-11908
CVE-2026-11908 affects Drupal Tagify integration. The issue is an improper neutralization of input during web page generation in Tagify, allowing Stored XSS in Tagify widgets for versions 0.0.0 through 1.2.52. Connected sources (NVD, CVE lists, DRUPAL-SA-CONTRIB-2026-043, OSV) confirm the cross-s...
CVE-2026-56774
Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...
EUVD-2025-24688
Malicious code in bioql PyPI...
CVE-2025-54706
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS.This issue affects Magical Posts Display: from n/a through = 1.2.52...
CVE-2025-54706
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS.This issue affects Magical Posts Display: from n/a through = 1.2.52...
CVE-2025-54706
CVE-2025-54706 concerns the WordPress plugin Magical Posts Display (versions up to and including 1.2.52). The issue is a DOM-based cross-site scripting (XSS) vulnerability caused by improper neutralization of user input during web page generation. Impact, per the sources, is low to medium across ...
CVE-2025-54706 WordPress Magical Posts Display Plugin plugin <= 1.2.52 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52...
WordPress plugin Magical Posts Display 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2025-33258 · WordPress · Magical Posts Display
Name of the Vulnerable Software and Affected Versions: Magical Posts Display versions 1.0.0 through 1.2.52 Description: The software contains a DOM-Based Cross-site Scripting issue due to improper neutralization of input during web page generation. Recommendations: Update Magical Posts Display to...
PT-2024-15943 · WordPress · Calculated Fields Form
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form plugin for WordPress versions up to, and including, 1.2.52 Description: The issue is related to Stored Cross-Site Scripting via the plugin's CP CALCULATED FIELDS shortcode due to insufficient input sanitization and outp...
Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a slider, put the following payload in the CSS settings and save: The XSS will be...