1064 matches found
CVE-2025-68385
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a method in Vega bypassing a previous Vega XSS mitigation...
CVE-2025-64225 WordPress Stockie Extra plugin <= 1.2.11 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...
CVE-2025-64225
CVE-2025-64225 concerns the WordPress plugin Stockie Extra (
CVE-2025-64225 WordPress Stockie Extra plugin <= 1.2.11 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...
EUVD-2023-60220
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...
CVE-2023-53910
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...
CVE-2023-53910 WBCE CMS 1.6.1 Stored Cross-Site Scripting via Page Content
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...
CVE-2025-64633
The CVE-2025-64633 entry concerns the WordPress Norebro Extra plugin (versions up to 1.6.8) with a Basic XSS issue: Improper Neutralization of Script-Related HTML Tags in a Web Page that can lead to Code Injection. Connected sources (PT-2025-51404, Patchstack, and CVE records) confirm the affecte...
CVE-2025-64633 WordPress Norebro Extra plugin <= 1.6.8 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through = 1.6.8...
CVE-2025-64633 WordPress Norebro Extra plugin <= 1.6.8 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through = 1.6.8...
CVE-2025-53523
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...
CVE-2025-63068
CVE-2025-63068 : Affected is the WordPress plugin Contact Form 7 Dynamic Text Extension . The issue is an improper neutralization of script-related HTML tags in the plugin, leading to a Basic XSS / Code Injection vulnerability. Affected versions are the plugin up to and including 5.0.3 (from the ...
CVE-2025-63068 WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.5...
CVE-2025-63068 WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.5...
GHSA-WRWG-2HG8-V723 Astro vulnerable to reflected XSS via the server islands feature
Summary After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. Details Server islands run in their own isolated context outside of the page reques...
CVE-2025-60244 WordPress TableOn plugin <= 1.0.5.1 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection.This issue affects TableOn: from n/a through = 1.0.5.1...
CVE-2025-60244 WordPress TableOn plugin <= 1.0.5.1 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection.This issue affects TableOn: from n/a through = 1.0.5.1...
CVE-2025-60244
CVE-2025-60244 concerns a Basic XSS in the WordPress TableOn plugin (RealMag777 TableOn posts-table-filterable) caused by improper neutralization of script-related HTML tags, enabling code injection. Affected versions are TableOn <= 1.0.4.2 (per initial sources); later entries also reference
CVE-2025-49398 WordPress Easy Appointments plugin <= 3.12.14 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through = 3.12.14...
CVE-2025-49398 WordPress Easy Appointments plugin <= 3.12.14 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through = 3.12.14...