Lucene search
K

2587 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/09 10:39 a.m.6 views

CVE-2026-25847

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible...

8.2CVSS5.4AI score0.00201EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/06 11:26 p.m.7 views

WordPress Bold Page Builder plugin <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid vulnerability

Authenticated Author+ Stored DOM-based Cross-Site Scripting in Post Grid vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.5.3...

6.4CVSS5.3AI score0.00245EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.11 views

CVE-2026-24526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

6.5CVSS5.8AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.14 views

CVE-2026-24621

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through = 3.4.9...

5.9CVSS5.4AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.6 views

CVE-2026-24526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

6.5CVSS0.00198EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:29 p.m.3 views

CVE-2026-24632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through = 1.0.0...

5.9CVSS5.9AI score0.0014EPSS
Exploits0References2
CVE
CVE
added 2026/01/23 2:29 p.m.13 views

CVE-2026-24632

CVE-2026-24632 describes a DOM-Based XSS in the WordPress plugin Delay Redirects prior to 1.0.0, caused by improper input neutralization during web-page generation. The issue affects Delay Redirects

5.9CVSS5.4AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:29 p.m.12 views

CVE-2026-24614

CVE-2026-24614 affects the WordPress plugin Flex QR Code Generator (flex-qr-code-generator). The vulnerability is a DOM-based XSS caused by improper neutralization during web page generation. Public references indicate impact on Flex QR Code Generator versions up to 1.2.8 (NVD/Red Hat) with Patch...

5.9CVSS5.9AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:28 p.m.3 views

CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...

6.5CVSS5.9AI score0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.5 views

PT-2026-4376

Name of the Vulnerable Software and Affected Versions Steve Truman Email Inquiry & Cart Options for WooCommerce versions through 3.4.3 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This...

5.4AI score0.00198EPSS
Exploits0References3
NVD
NVD
added 2026/01/22 5:16 p.m.6 views

CVE-2026-24354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through = 6.1...

6.5CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.17 views

CVE-2026-24383

CVE-2026-24383 concerns the WordPress plugin B Slider (b-slider) with versions up to and including 2.0.6, which is affected by a DOM-based Cross-Site Scripting (XSS) in input handling during web page generation. The vulnerability is classified as medium severity (CVSSv3.1: AV:N/AC:L/PR:L/UI:R/S:C...

6.5CVSS5.4AI score0.00129EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.3 views

CVE-2026-22349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through = 1.4.1...

5.4CVSS5.3AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2026/01/22 4:51 p.m.14 views

CVE-2025-50005

The CVE-2025-50005 entry concerns tagDiv Composer (td-composer) for WordPress, affected through version 5.4.2. The issue is a DOM-Based XSS vulnerability caused by improper neutralization of input during web page generation, enabling injection of script code in user-controlled content. Public doc...

6.5CVSS5.4AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.12 views

WordPress plugin Carousel Horizontal Posts Content Slider has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.8 views

PT-2026-4272

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through = 1.3.2...

5.4AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.12 views

PT-2026-4102

Name of the Vulnerable Software and Affected Versions Kriesi Enfold versions through 7.1.3 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the potential execution of...

5.4AI score0.00198EPSS
Exploits0References3
NVD
NVD
added 2026/01/20 3:16 p.m.7 views

CVE-2025-15380

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...

7.2CVSS0.00242EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/20 2:26 p.m.24 views

CVE-2025-15380 NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview'

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...

7.2CVSS0.00242EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/20 2:26 p.m.2 views

CVE-2025-15380

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...

7.2CVSS5.5AI score0.00242EPSS
Exploits0References4
Rows per page
Query Builder