891 matches found
CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic
wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...
PT-2025-36954
Name of the Vulnerable Software and Affected Versions: wabac.js versions 2.23.10 and below Description: wabac.js provides a full web archive replay system using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic. The requestURL parameter,...
Litestar has potential log injection in exception logging
Summary Litestar does not escape url paths when logging exceptions. This makes logger vulnerable to CRLF injection if logging level is configured to debug or logexceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details Litestar directly formats unquot...
CVE-2025-49322
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...
CVE-2025-49322
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...
CVE-2025-49322
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...
CVE-2025-49322 WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...
CVE-2025-49322 WordPress 404 Page by SeedProd < 1.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a...
CVE-2025-49322
CVE-2025-49322 affects the WordPress plugin 404 Page by SeedProd. It is a Stored XSS vulnerability in the page generation flow, exploitable only by authenticated attackers (Administrator+). Affected versions are up to 1.0.1; a fix is available in 1.0.2+ (upgrade recommended). CVSS v3.1 base score...
PT-2025-24246 · Seedprod · Seedprod 404 Page
Name of the Vulnerable Software and Affected Versions: SeedProd 404 Page by SeedProd affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This enables an...
CVE-2024-1068
The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins...
CVE-2024-34423
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phpbits Forty Four – 404 Plugin for WordPress allows Stored XSS.This issue affects Forty Four – 404 Plugin for WordPress: from n/a through 1.4...
CVE-2024-24889
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9...
CVE-2024-11118
The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make changes to plug...
CVE-2023-52146
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0...
CVE-2023-32740
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Kunal Nagar Custom 404 Pro plugin = 3.8.1 versions...
CVE-2023-51540
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0...
CVE-2023-33276
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without...
CVE-2023-2032
The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities...
CVE-2023-2023
The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...