EUVD-2025-209974

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting XSS. This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended...

EUVD-2026-32184

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...

CVE-2026-8837

CVE-2026-8837 affects the WordPress plugin WP Iframe Geo Style for Amazon affiliates. The stored XSS vulnerability exists in all versions up to 1.1 via the adid shortcode attribute, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-level acces...

WordPress Single Mailchimp plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Single Mailchimp versions = 1.4...

EUVD-2026-31623

A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network...

WordPress KIA Subtitle plugin <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by zaim in WordPress Plugin KIA Subtitle versions = 4.0.1...

WordPress plugin Avada (Fusion) Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the search.php file. It...

CVE-2026-8493 Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

PT-2026-41979

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An attack chain combining Stored XSS and dynamic token exposure allows an authenticated attacker to perform a complete cross-tenant account takeover. The system is vulnerable to Stored XSS through...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the renderblockimage function. An attacker can inject arbitrary CSS into the style attribute of an image element by supplying a crafted value to the :width: or :height: option, which is insufficiently validat...

WordPress plugin WOOD Products Filter for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin WP Google Maps Integration 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Cross-site Scripting (XSS)

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the updateModelGroups.jsp process. An attacker can execute arbitrary scripts in the context of a user's browser by...

CVE-2026-41653

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

CVE-2026-6002 HTML Injection in DivvyDrive Information Technologies' DivvyDrive

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

Cross-site Scripting (XSS)

Overview jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compar...

WordPress Music Player for Elementor – Audio Player & Podcast Player plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Music Player for Elementor – Audio Player & Podcast Player versions = 2.4.1...

WordPress多款产品 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...