4404 matches found
CVE-2026-57780
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through = 0.22...
CVE-2026-57733
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through = 3.9.4...
CVE-2026-57411
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...
CVE-2026-57376
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.3...
CVE-2026-57780 WordPress Envision Page Builder plugin <= 0.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through = 0.22...
CVE-2026-57780
Technical details are not publicly provided in the connected documents. The description notes a DOM-based XSS in Envision Page Builder
CVE-2026-57814 WordPress Forminator plugin <= 1.55.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...
CVE-2026-57814
The CVE-2026-57814 entry concerns the WordPress Forminator plugin (forms forminator) with a DOM-based XSS vulnerability due to improper input neutralization during web page generation. Affected versions are Forminator
CVE-2026-57409 WordPress Active Products Tables for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.1.0...
CVE-2026-57409
The CVE describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Profit Products Tables for WooCommerce” (Active Products Tables for WooCommerce) by RealMag777, affecting versions up to and including 1.1.0. The issue arises from improper neutralization of input duri...
CVE-2026-57732 WordPress tagDiv Opt-In Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.4...
CVE-2026-57365
The CVE-2026-57365 entry concerns the WordPress plugin “reCAPTCHA (v2 & v3) for Asgaros Forum” (versions ≤ 1.1.0). According to the provided documents, the vulnerability is a DOM-based Cross-Site Scripting (XSS) issue caused by improper neutralization of input during web page generation. The affe...
CVE-2026-57365 WordPress reCAPTCHA (v2 & v3) for Asgaros Forum plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...
Yonyou U8 13.0 - Cross-Site Scripting
Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...
VDO.Ninja - DOM-Based Cross-Site Scripting
VDO.Ninja 28.0 to 28.3 contains a reflected XSS caused by improper sanitization of the room parameter in examples/control.html, letting remote attackers execute scripts, exploit requires crafted URL. id: CVE-2025-62613 info: name: VDO.Ninja - DOM-Based Cross-Site Scripting author: 0xAkoko severit...
Hoppscotch <= 2026.2.1 - Open Redirect
Hoppscotch = 2026.2.1 is vulnerable to a DOM-based open redirect on the /enter page. The redirect query parameter is passed directly to windowz location.href with no origin validation. Requires one additional query parameter to trigger. Exploited via a crafted URL such as...
CVE-2026-15298
The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...
CVE-2026-15298
The TelSender WordPress plugin (
EUVD-2026-42805
The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...
CVE-2026-4770
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...