161 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-22459

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.3 | EPSS 0.00284
Exploits: 3 | References: 3

OSV
added 2025/10/02 2:15 p.m. | 2 views

CVE-2025-56379

A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

CVSS 5.4 | AI score 5.7 | EPSS 0.00033
Exploits: 2 | References: 4

NVD
added 2025/10/02 2:15 p.m. | 2 views

CVE-2025-56379

A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

CVSS 5.4 | EPSS 0.00033
Exploits: 2 | References: 4

Cvelist
added 2025/10/02 12:0 a.m. | 4 views

CVE-2025-56379

A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

EPSS 0.00033
Exploits: 2 | References: 4

CVE
added 2025/10/02 12:0 a.m. | 11 views

CVE-2025-56379

CVE-2025-56379: A stored XSS in ERPNext v15.67.0 blog module (Frappe v15.72.4) via the blog post content field. An authenticated user who can create/edit posts can inject crafted HTML/JS; payload is stored and can execute in other users’ browsers viewing the post. Affected components: ERPNext Blo...

CVSS 5.4 | AI score 5.2 | EPSS 0.00033
Exploits: 2 | References: 4 | Affected Software: 2

Vulnrichment
added 2025/10/02 12:0 a.m. | 1 views

CVE-2025-56379

A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

AI score 5.2 | EPSS 0.00033
Exploits: 2 | References: 4

Veracode
added 2025/08/04 5:50 a.m. | 5 views

Cross-site Scripting (XSS)

Mezzanine CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization due to failure to filter user-supplied input in the /blog/blogpost/add component, allowing injection of malicious scripts into blog posts...

CVSS 4.8 | AI score 6 | EPSS 0.00284
Exploits: 3 | References: 3 | Affected Software: 1

OSV
added 2025/07/25 5:15 p.m. | 2 views

CVE-2025-45893

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 2

Cvelist
added 2025/07/23 12:0 a.m. | 6 views

CVE-2025-50481

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

EPSS 0.00284
Exploits: 3 | References: 2

OSV
added 2025/06/17 11:15 a.m. | 4 views

CVE-2025-6050

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

CVSS 4.8 | AI score 5 | EPSS 0.00078
Exploits: 1 | References: 3

RedhatCVE
added 2025/05/23 8:29 a.m. | 5 views

CVE-2024-5615

The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraphdefaultdescription' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of...

CVSS 5.3 | AI score 6.5 | EPSS 0.00461
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:47 a.m. | 8 views

CVE-2024-46996

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue...

CVSS 6.3 | AI score 6 | EPSS 0.01236
Exploits: 0

RedhatCVE
added 2025/04/06 5:10 p.m. | 6 views

CVE-2025-32233

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through <= 2.0.3...

CVSS 4.3 | AI score 7.2 | EPSS 0.0033
Exploits: 0 | References: 1

NVD
added 2025/04/04 4:15 p.m. | 2 views

CVE-2025-32233

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through <= 2.0.3...

CVSS 4.3 | EPSS 0.0033
Exploits: 0 | References: 1

Circl
added 2025/04/02 3:1 a.m. | 6 views

CVE-2025-3074

creationtimestamp | type | source
---|---|---
2025-04-02 03:01:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3llsfj27thy24
2025-04-02 04:07:03+00:00 | seen | https://t.me/cvedetector/21835
2025-04-04 00:14:47+00:00 | seen | ...

CVSS 5.4 | AI score 6.5 | EPSS 0.00071
Exploits: 0 | References: 4

NVD
added 2025/03/27 3:15 p.m. | 2 views

CVE-2025-22648

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Blog, Posts and Category Filter for Elementor blog-posts-and-category-for-elementor allows Stored XSS. This issue affects Blog, Posts and Category Filter for Elementor: from n/a through ...

CVSS 6.5 | EPSS 0.00092
Exploits: 0 | References: 1

CNNVD
added 2025/03/27 12:0 a.m. | 1 views

WordPress plugin Blog, Posts and Category Filter for Elementor cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.5 | AI score 8.1 | EPSS 0.00092
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/26 12:28 a.m. | 6 views

CVE-2025-25460

A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

CVSS 4.8 | AI score 5.3 | EPSS 0.02005
Exploits: 1 | References: 1

NVD
added 2025/02/24 4:15 p.m. | 14 views

CVE-2025-25460

A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

CVSS 4.8 | EPSS 0.02005
Exploits: 1 | References: 2

Patchstack
added 2025/02/03 7:46 p.m. | 3 views

WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by ghsinfosec (Patchstack Alliance) in WordPress Plugin Blog, Posts and Category Filter for Elementor (versions <= 2.0.1)...

CVSS 6.5 | AI score 6.1 | EPSS 0.00092
Exploits: 0 | Affected Software: 1