CVE-2025-23786

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS.This issue affects Email to Download: from n/a through = 3.1.0...

CVE-2024-23786

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected...

CVE-2025-23786

creationtimestamp| type| source ---|---|--- 2025-02-14 13:17:26+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li5bzirf6m2i 2025-02-14 14:38:48+00:00| seen| https://infosec.exchange/users/cve/statuses/114002750893462072...

CVE-2025-23786 WordPress Email to Download Plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS.This issue affects Email to Download: from n/a through = 3.1.0...

CVE-2025-23786

CVE-2025-23786 is a reflected XSS vulnerability in the WordPress plugin Email to Download (vulnerable up to 3.1.0). The issue is caused by improper neutralization of user input during web page generation, enabling an attacker to inject executable script via input that is reflected in the page. Pu...

CVE-2025-23786 WordPress Email to Download Plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS.This issue affects Email to Download: from n/a through = 3.1.0...

CVE-2024-23786

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected...

CVE-2024-23786

CVE-2024-23786 affects the Sharp Energy Management Controller with Cloud Services (JH-RVB1/JH-RV11, Ver.B0.1.9.1 and earlier). The vulnerability is a stored cross-site scripting issue that allows a network-adjacent unauthenticated attacker to cause arbitrary script execution in a user’s browser w...

CVE-2023-23786

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Christof Servit affiliate-toolkit plugin = 3.3.3 versions...

CVE-2023-23786

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Christof Servit affiliate-toolkit plugin = 3.3.3 versions...

CVE-2023-23786

CVE-2023-23786 concerns the WordPress affiliate-toolkit plugin from Christof Servit, with a Stored XSS issue exploitable by users with Editor+ permissions in versions

CVE-2023-23786 WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Christof Servit affiliate-toolkit plugin = 3.3.3 versions...

WordPress affiliate-toolkit Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS)

Software affiliate-toolkit Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23786 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 35eed840e2de Credits yuyudhn Required...