Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of radio button type custom fields. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted websit...

CVE-2025-39420

CVE-2025-39420 affects the WordPress WP Twitter Button plugin (versions

CVE-2025-3760

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

WordPress plugin WP Twitter Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-16987 · WordPress · Wp Twitter Button

Name of the Vulnerable Software and Affected Versions: WP Twitter Button versions 1.4.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables potential attackers to inject...

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from the US company Liferay. The solution uses technologies such as EJB and JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network and so on. A cross-site scripting vulnerability exists in...

CVE-2025-3077

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Betheme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Cross-Site Scripting (XSS)

react-draft-wysiwyg is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization or escaping of user-provided data in the Embedded button functionality, allowing malicious payloads to be executed when the data is saved in the tag...

Users experiencing greyed out "Log Off" buttons on CWA LTSR 2203.1

Upgraded Workspace app for Windows from 2203.1 to 2402 CU2...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

GHSA-FQ5X-7292-2P5R React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

CVE-2025-3191

CVE-2025-3191 affects the JavaScript WYSIWYG editor package react-draft-wysiwyg . The vulnerability is an XSS via the Embedded button, with the payload stored in the tag, enabling execution of malicious script in the user’s browser. Affected versions are described by PT-2025-14838 as 3.1 and ear...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

react-draft-wysiwyg 安全漏洞

react-draft-wysiwyg is a WYSIWYG editor built on ReactJS and DraftJS by the individual developer Jyoti Puri. A security vulnerability exists in react-draft-wysiwyg, which stems from a cross-site scripting attack via the Embedded button...

PT-2025-14838 · Unknown · React-Draft-Wysiwyg

Name of the Vulnerable Software and Affected Versions: react-draft-wysiwyg versions 3.1 and earlier Description: The issue is related to Cross-site Scripting XSS via the Embedded button, which results in saving the payload in the iframe tag. This allows attackers to exploit the vulnerability...

Exploit for CVE-2025-31864

CVE-2025-31864 1️⃣ Component type WordPress plugin 2️...

CVE-2025-31864

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Out the Box Beam me up Scotty beam-me-up-scotty allows Stored XSS.This issue affects Beam me up Scotty: from n/a through = 1.0.23...