CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

EUVD-2025-207542

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

CVE-2025-11165

Affects dotCMS with its Velocity scripting engine (VTools). The issue is a sandbox escape where authenticated users with scripting privileges can bypass SecureUberspectorImpl protections by dynamically altering the Velocity runtime configuration and reinitializing its Uberspect, removing introspe...

PT-2023-25598 · WordPress · Maxbuttons

Name of the Vulnerable Software and Affected Versions: MaxButtons plugin versions 9.5.3 and earlier Description: The issue is related to an Authenticated Cross-Site Scripting XSS vulnerability. This means that an attacker with contributor or higher privileges can inject malicious scripts into the...

CVE-2023-32604

Affected versions Trend Micro Apex Central on-premise are vulnerable to potential authenticated reflected cross-site scripting XSS attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order ...

PT-2023-19170 · WordPress · David Voswinkel Userlike – Wordpress Live Chat

Name of the Vulnerable Software and Affected Versions: David Voswinkel Userlike – WordPress Live Chat plugin versions = 2.2 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin or higher privileges can inject...

CVE-2022-38073

Multiple Authenticated custom specific plugin role Persistent Cross-Site Scripting XSS vulnerability in Awesome Support plugin = 6.0.7 at WordPress...

CVE-2021-24564

The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...