CVE-2025-7387

The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Alteryx Server 跨站脚本漏洞

Alteryx Server is a cloud-hosted or self-hosted application from Alteryx, Inc. for publishing, sharing and executing workflows. A security vulnerability exists in Alteryx Server version 2023.1.1.460, which originates in the body of the notification and could allow a remote attacker to inject...

CVE-2025-5237

CVE-2025-5237 (Target Video Easy Publish, WordPress) is a stored XSS vulnerability. The issue affects Target Video Easy Publish plugin versions up to 3.8.5, where the width parameter is not properly sanitized/escaped. An attacker with Contributor-level access or higher can inject scripts that exe...

WordPress Hot Random Image Cross-Site Scripting Vulnerability

WordPress Hot Random Image is a basic plugin for displaying randomly selected images from a specified folder. A cross-site scripting vulnerability exists in WordPress Hot Random Image, which stems from insufficient link parameter input cleanup and escaping, and can be exploited by an attacker to...

CVE-2024-9349

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers t...

CVE-2024-3814

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-4362

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-1057

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuitebutton' shortcode in all versions up to, and including, 2.8.1 due to insufficient input...

CVE-2024-4707

The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialiscontactform shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVE-2023-39938

Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script...

CVE-2023-27008

A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVE-2022-22868

Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting XSS vulnerability, that allows attackers to inject arbitrary script via name parameters...

CVE-2022-47877

A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'...

CVE-2022-21799

Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors...

CVE-2021-20629

Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors...

CVE-2021-44584

Cross-site scripting XSS vulnerability in index.php in emlog version = pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter...

CVE-2021-20724

Reflected cross-site scripting vulnerability in the admin page of Telop01 free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20688

Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbitrary script via unspecified vectors...

CVE-2021-20673

Stored cross-site scripting vulnerability in Admin Page of GROWI v4.2 Series versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVE-2021-40925

Cross-site scripting XSS vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...