Lucene search
+L

2599 matches found

RedhatCVE
RedhatCVE
added 2026/03/08 7:56 a.m.5 views

CVE-2026-2433

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...

6.1CVSS6AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/07 9:30 a.m.8 views

EUVD-2026-10137

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...

6.1CVSS6AI score0.00209EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/07 7:22 a.m.6 views

CVE-2026-2433

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...

6.1CVSS6AI score0.00209EPSS
Exploits0References7
CVE
CVE
added 2026/03/07 7:22 a.m.24 views

CVE-2026-2433

The CVE-2026-2433 entry concerns the WordPress plugin RSS Aggregator (RSS Import, News Feeds, Feed to Post, Autoblogging) up to version 5.0.11. The root cause is a DOM-based XSS via postMessage arising from admin-shell.js: a global message listener is registered without origin validation, and use...

6.1CVSS6AI score0.00209EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/06 11:40 a.m.4 views

CVE-2024-35644 WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

5.9CVSS5.8AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/06 11:40 a.m.34 views

CVE-2024-35644 WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2...

5.9CVSS0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.8 views

CVE-2026-27382

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 8:16 p.m.8 views

GHSA-VGJM-2CPF-4G7C Gogs: DOM-based XSS via milestone selection

Summary It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. Impact Theft of information accessible in the victim...

7.3CVSS6AI score0.00184EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/05 8:16 p.m.10 views

Gogs: DOM-based XSS via milestone selection

Summary It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. Impact Theft of information accessible in the victim...

7.3CVSS6AI score0.00184EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/03/05 6:51 p.m.38 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS0.00184EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.3 views

CVE-2026-27382 WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:53 a.m.16 views

CVE-2026-27348

CVE-2026-27348 affects ThemeGoods Photography (WordPress theme). The issue is an improper neutralization of input during web page generation, enabling DOM-based XSS. Affected: Photography theme versions before 7.7.6 (per CVE entry; related sources reference Photography ≤ 7.6.x/7.7.6). Impact is D...

7.1CVSS5.2AI score0.00191EPSS
Exploits0References1
Atlassian
Atlassian
added 2026/03/03 6:29 p.m.18 views

DOM-based XSS react-router-dom Dependency in Crowd Data Center

This High severity DOM-based XSS vulnerability was introduced in version 7.1.0 of Crowd Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N allows an unauthenticated attacker to execute arbitrary HTML or...

8.2CVSS6.1AI score0.00472EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/27 8:24 a.m.5 views

CVE-2026-2362

The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...

6.4CVSS6AI score0.00205EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.9 views

CVE-2025-67984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...

7.1CVSS5.5AI score0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:47 p.m.5 views

CVE-2026-24949 WordPress PhotoMe theme <= 5.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods PhotoMe photome allows DOM-Based XSS.This issue affects PhotoMe: from n/a through = 5.7.1...

7.1CVSS5.3AI score0.00151EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 3:47 p.m.6 views

CVE-2026-24949

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods PhotoMe photome allows DOM-Based XSS.This issue affects PhotoMe: from n/a through = 5.7.1...

5.4AI score0.00151EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 3:46 p.m.12 views

CVE-2025-67984

CVE-2025-67984 is a DOM-based XSS vulnerability in the WordPress plugin NPS computy (nps-computy) , affecting versions up through and including 2.8.2 . The connected Red Hat and CVE entries confirm the flaw is an input handling/neutralization issue during web page generation that enables cross-si...

7.1CVSS5.5AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:27 p.m.6 views

CVE-2026-25305

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through = 9.6.4...

6.5CVSS5.5AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 9:16 a.m.11 views

CVE-2026-27069

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through = 8.7.2...

6.5CVSS0.0013EPSS
Exploits0References1
Rows per page
Query Builder