CVE-2026-1613

The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's listclass shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-1654

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2026-1888

The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-20111

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This vulnerability exists because the web-based management...

CVE-2026-23704

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the vulnerability as well...

Movable Type 代码问题漏洞

Movable Type is a content management system developed by Movable Type Inc. There are code-related vulnerabilities in Movable Type. These vulnerabilities allow non-administrator users to upload malicious files, potentially enabling administrators’ browsers to execute arbitrary scripts...

EUVD-2020-30984

60CycleCMS 2.5.2 contains a cross-site scripting XSS vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...

PYSEC-2026-138

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-70960

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-70959

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

MyLittleForum 2.3.5 Cross Site Scripting

Multiple Reflected cross site scripting vulnerabilities exist in MyLittleForum version 2.3.5. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

The Bug Genie 3.2.7.1 Cross Site Scripting

A cross site scripting vulnerability exists in The Bug Genie version 3.2.7.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

phpMoAdmin Cross Site Scripting

A cross site scripting vulnerability exists in phpMoAdmin. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

CVE-2025-70336

A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...

CVE-2026-0914

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lwcontentblock' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2018-25116

The CVE-2018-25116 entry pertains to MyBB Thread Redirect Plugin version 0.2.1, which is documented to contain a cross-site scripting (XSS) vulnerability in the custom text input field for thread redirects. Attackers can inject SVG scripts that execute when other users view the thread, enabling a...

CVE-2026-0788

ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...

CVE-2026-0788 ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability

ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...

WordPress Testimonials Creator plugin cross-site scripting vulnerability

WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...

WordPress Internal Link Builder plugin cross-site scripting vulnerability

WordPress Internal Link Builder plugin is a tool used to help webmasters create internal links on WordPress sites. WordPress Internal Link Builder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...