
7612 matches found

CNVD
added 2025/09/25 12:0 a.m. | 1 view

WordPress Plugin Ads by WPQuads Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin Ads by WPQuads has a cross-site scripting vulnerability that stems from the...

AI score 5.9
Exploits 0 | References 1

Veracode
added 2025/09/19 2:6 p.m. | 4 views

Stored Cross-site Scripting (XSS)

com.liferay, com.liferay.plugins.admin.web is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the components tab, which allows an attacker to inject and execute arbitrary web scripts or HTML in the victim’s browser...

CVSS 6.1 | AI score 5.7 | EPSS 0.00209
Exploits 0 | References 5 | Affected Software 1

CNVD
added 2025/09/19 12:0 a.m. | 2 views

WordPress Media Player Addons for Elementor plugin cross-site scripting vulnerability

WordPress Media Player Addons for Elementor plugin is a plugin designed for Elementor page builder, mainly used to extend the media playback functionality. A cross-site scripting vulnerability exists in the WordPress Media Player Addons for Elementor plugin, which stems from insufficient input...

CVSS 6.4 | AI score 6.3 | EPSS 0.00231
Exploits 0 | References 1

CNNVD
added 2025/09/17 12:0 a.m. | 2 views

WordPress plugin Memberlite Shortcodes security vulnerability

WordPress Memberlite Shortcodes plugin is a plugin used to extend the functionality of the theme, mainly used to add additional features to the WordPress theme, such as content display controls, layout tools, etc., while allowing users to use specific features without completely replacing the...

CVSS 6.4 | AI score 6 | EPSS 0.00254
Exploits 0 | References 3

Snyk
added 2025/09/16 9:43 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the formtodatabase exten. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious input. Details: Cross-site scripting or XSS is a code vulnerability that occurs...

CVSS 5 | AI score 5.4 | EPSS 0.00311
Exploits 0 | References 2

CNVD
added 2025/09/16 12:0 a.m. | 1 view

Unmark Marks.php file cross-site scripting vulnerability

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...

CVSS 5.4 | AI score 4.5 | EPSS 0.00262
Exploits 1 | References 1

CNNVD
added 2025/09/13 12:0 a.m. | 1 view

Unmark code injection vulnerability

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...

CVSS 5.4 | AI score 6 | EPSS 0.00262
Exploits 1 | References 5

CNNVD
added 2025/09/13 12:0 a.m. | 2 views

Unmark code injection vulnerability

Unmark is an open source to-do list application for bookmarking. A cross-site scripting vulnerability exists in Unmark 1.9.3 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file application/views/marks/info.ph...

CVSS 5.4 | AI score 6 | EPSS 0.00244
Exploits 1 | References 4

NVD
added 2025/09/12 4:16 a.m. | 2 views

CVE-2025-9879

The Spotify Embed Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotify' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.0018
Exploits 0 | References 2

RedhatCVE
added 2025/09/11 8:27 p.m. | 7 views

CVE-2025-58762

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary Python scripts into the application filesystem. This leads to remote code execution when...

CVSS 9.1 | AI score 7.8 | EPSS 0.00765
Exploits 1 | References 1

NVD
added 2025/09/11 8:15 a.m. | 15 views

CVE-2025-8316

The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘evento’ parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4 | EPSS 0.00271
Exploits 0 | References 3

CNVD
added 2025/09/11 12:0 a.m. | 3 views

SAP Supplier Relationship Management Cross-Site Scripting Vulnerability (CNVD-2025-21206)

SAP Supplier Relationship Management (SRM) is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...

CVSS 6.1 | AI score 5.8 | EPSS 0.00242
Exploits 0 | References 1

CNNVD
added 2025/09/10 12:0 a.m. | 3 views

Liferay Portal and Liferay DXP cross-site scripting vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 6.1 | AI score 6.1 | EPSS 0.00228
Exploits 0 | References 1

Snyk
added 2025/09/09 8:45 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: @webrecorder/wabac is a service worker based web archive replay. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the 404 error handling process. An attacker can execute arbitrary JavaScript in the victim's browser by crafting a malicious URL that injects...

CVSS 7.1 | AI score 5.4 | EPSS 0.00237
Exploits 0 | References 2

NVD
added 2025/09/09 10:15 a.m. | 7 views

CVE-2025-48208

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary...

CVSS 8.8 | EPSS 0.00589
Exploits 0 | References 2

NVD
added 2025/09/09 6:15 a.m. | 5 views

CVE-2025-9061

The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...

CVSS 6.4 | EPSS 0.00219
Exploits 0 | References 2

CNVD
added 2025/09/09 12:0 a.m. | 2 views

POS Point of Sale System /2512.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a POS point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...

CVSS 6.1 | AI score 6.1 | EPSS 0.00264
Exploits 1 | References 1

CNNVD
added 2025/09/09 12:0 a.m. | 2 views

SAP Supplier Relationship Management cross-site scripting vulnerability

SAP Supplier Relationship Management (SRM) is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...

CVSS 6.1 | AI score 5.9 | EPSS 0.00242
Exploits 0 | References 2

Vulnrichment
added 2025/09/08 7:18 p.m. | 3 views

CVE-2025-53838 LinkAce has a Stored One Click XSS vulnerability

LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting (XSS) vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the context of a user's browser when the malicious link is clicked...

CVSS 8.4 | AI score 5.2 | EPSS 0.00249
Exploits 1 | References 2

CNNVD
added 2025/09/06 12:0 a.m. | 2 views

WordPress plugin Admin Menu Editor cross-site scripting vulnerability

WordPress Admin Menu Editor plugin is a plugin for customizing and managing backend menus, supporting reordering, hiding/showing menu items, modifying permissions and more. WordPress Admin Menu Editor plugin suffers from a cross-site scripting vulnerability that stems from insufficient input...

CVSS 6.4 | AI score 6 | EPSS 0.00223
Exploits 0 | References 5