29 matches found
Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...
@backstage/plugin-search-backend-module-techdocs (>=0.0.0-nightly-20230323021924 <=0.4.9-next.1), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-20220305022735 <=2.1.4-next.2) +2 more potentially affected by CVE-2026-25152 via @backstage/plugin-techdocs-node (>=0.0.0-nightly-20220315022536 <=1.13.11-next.0)
@backstage/plugin-techdocs-node NPM version =0.0.0-nightly-20220315022536, =0.0.0-nightly-20230323021924, =0.0.0-nightly-20220305022735, =0.0.0-nightly-20220305022735, =0.0.0-nightly-20220305022735, =1.10.4-next.2 Source cves: CVE-2026-25152 Source advisory: OSV:GHSA-W669-JJ7H-88M9...
CVE-2026-25152
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...
@backstage/plugin-search-backend-module-techdocs (>=0.4.9-next.0 <=0.4.9-next.1), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-20251222025103 <=2.1.4-next.2) +2 more potentially affected by CVE-2026-25152 via @backstage/plugin-techdocs-node (>=1.0.0 <=1.13.11-next.0)
@backstage/plugin-techdocs-node NPM version =1.0.0, =0.4.9-next.0, =0.0.0-nightly-20251222025103, =0.11.13, =0.0.0-nightly-20241120023536, =1.10.4-next.2 Source cves: CVE-2026-25152 Source advisory: SNYK:JS-BACKSTAGEPLUGINTECHDOCSNODE-15166605...
CVE-2019-25152
creationtimestamp | type | source
---|---|---
2025-10-07 04:55:00+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-25152.yaml
2025-10-08 21:02:22+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m2pk24lglz2i...
CVE-2021-25152
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability...
CVE-2025-25152
Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow smart-dofollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through <= 1.0.2...
CVE-2025-25152 WordPress Smart DoFollow plugin <= 1.0.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow smart-dofollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through <= 1.0.2...
CVE-2025-25152
CVE-2025-25152 describes a CSRF to Stored XSS vulnerability in WordPress plugin Smart DoFollow (affected versions from n/a through 1.0.2). Base CVSS v3.1 score 7.1 (HIGH) with network attack vector, user interaction required. Root cause is CSRF enabling stored XSS. Connected documents indicate ...
CVE-2024-25152
Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...
CVE-2024-25152
CVE-2024-25152 affects Liferay Portal 7.2.0–7.4.2 and Liferay DXP 7.3 (before SP3) / 7.2 (before FP17) and older unsupported versions. The vulnerability is a stored XSS in the Message Board widget triggered via the filename of an attachment, allowing remote authenticated users to inject arbitrary...
CVE-2019-25152
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping...
CVE-2019-25152
The CVE-2019-25152 issue affects Abandoned Cart Lite for WooCommerce (≤5.1.3) and Abandoned Cart Pro for WooCommerce (≤7.12.0). The root cause is improper input sanitization and output escaping, enabling stored XSS via multiple parameters and potentially allowing unauthenticated script execution ...
CVE-2019-25152 Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping...
WordPress Abandoned Cart Pro Plugin <= 7.12.0 is vulnerable to Cross Site Scripting (XSS)
Software: Abandoned Cart Pro; Type: Plugin; Vulnerable versions: <= 7.12.0; Fixed in: 7.13.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2019-25152; Patch priority: High; CVSS severity: High (7.2); PSID: e46f5b307c8a; Credits: WordFence; Requir...
Ubuntu: Security Advisory (USN-5972-1)
The remote host is missing an update for the...