Lucene search
+L

1064 matches found

nvd
nvd
added 2025/12/18 11:15 p.m.5 views

CVE-2025-68385

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a method in Vega bypassing a previous Vega XSS mitigation...

7.2CVSS0.00205EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/18 7:22 a.m.39 views

CVE-2025-64225 WordPress Stockie Extra plugin <= 1.2.11 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...

6.5CVSS0.0026EPSS
Exploits0References1
cve
cve
added 2025/12/18 7:22 a.m.7 views

CVE-2025-64225

CVE-2025-64225 concerns the WordPress plugin Stockie Extra (

6.5CVSS6.2AI score0.0026EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/18 7:22 a.m.2 views

CVE-2025-64225 WordPress Stockie Extra plugin <= 1.2.11 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...

6.5CVSS6.2AI score0.0026EPSS
Exploits0References1
euvd
euvd
added 2025/12/18 12:34 a.m.4 views

EUVD-2023-60220

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

5.4CVSS5.6AI score0.00267EPSS
Exploits1References4
nvd
nvd
added 2025/12/17 11:15 p.m.8 views

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

5.4CVSS0.00267EPSS
Exploits1References3
osv
osv
added 2025/12/17 10:44 p.m.6 views

CVE-2023-53910 WBCE CMS 1.6.1 Stored Cross-Site Scripting via Page Content

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

5.1CVSS6AI score0.00267EPSS
Exploits1References5
cve
cve
added 2025/12/16 8:12 a.m.9 views

CVE-2025-64633

The CVE-2025-64633 entry concerns the WordPress Norebro Extra plugin (versions up to 1.6.8) with a Basic XSS issue: Improper Neutralization of Script-Related HTML Tags in a Web Page that can lead to Code Injection. Connected sources (PT-2025-51404, Patchstack, and CVE records) confirm the affecte...

5.3CVSS6.2AI score0.00245EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/16 8:12 a.m.2 views

CVE-2025-64633 WordPress Norebro Extra plugin <= 1.6.8 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through = 1.6.8...

5.3CVSS6.2AI score0.00245EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/16 8:12 a.m.35 views

CVE-2025-64633 WordPress Norebro Extra plugin <= 1.6.8 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through = 1.6.8...

5.3CVSS0.00245EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/12 5:1 a.m.4 views

CVE-2025-53523

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

5.4CVSS5.6AI score0.00147EPSS
Exploits0References2
cve
cve
added 2025/12/09 2:52 p.m.34 views

CVE-2025-63068

CVE-2025-63068 : Affected is the WordPress plugin Contact Form 7 Dynamic Text Extension . The issue is an improper neutralization of script-related HTML tags in the plugin, leading to a Basic XSS / Code Injection vulnerability. Affected versions are the plugin up to and including 5.0.3 (from the ...

5.3CVSS5.9AI score0.00245EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/09 2:52 p.m.3 views

CVE-2025-63068 WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.5...

5.3CVSS5.2AI score0.00245EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/09 2:52 p.m.28 views

CVE-2025-63068 WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.5...

5.3CVSS0.00245EPSS
Exploits0References1
osv
osv
added 2025/11/19 8:0 p.m.4 views

GHSA-WRWG-2HG8-V723 Astro vulnerable to reflected XSS via the server islands feature

Summary After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. Details Server islands run in their own isolated context outside of the page reques...

7.1CVSS6.6AI score0.00456EPSS
Exploits1References4
cvelist
cvelist
added 2025/11/06 3:55 p.m.9 views

CVE-2025-60244 WordPress TableOn plugin <= 1.0.5.1 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection.This issue affects TableOn: from n/a through = 1.0.5.1...

7.1CVSS0.00214EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/06 3:55 p.m.3 views

CVE-2025-60244 WordPress TableOn plugin <= 1.0.5.1 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection.This issue affects TableOn: from n/a through = 1.0.5.1...

7.1CVSS5.2AI score0.00214EPSS
Exploits0References1
cve
cve
added 2025/11/06 3:55 p.m.9 views

CVE-2025-60244

CVE-2025-60244 concerns a Basic XSS in the WordPress TableOn plugin (RealMag777 TableOn posts-table-filterable) caused by improper neutralization of script-related HTML tags, enabling code injection. Affected versions are TableOn &lt;= 1.0.4.2 (per initial sources); later entries also reference

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/06 3:53 p.m.1 views

CVE-2025-49398 WordPress Easy Appointments plugin <= 3.12.14 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through = 3.12.14...

6.5CVSS6.1AI score0.00236EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/06 3:53 p.m.10 views

CVE-2025-49398 WordPress Easy Appointments plugin <= 3.12.14 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through = 3.12.14...

6.5CVSS0.00236EPSS
Exploits0References1
Rows per page
Query Builder