4380 matches found
CVE-2026-42729 WordPress PropertyHive plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through = 2.2.2...
CVE-2026-48968
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...
PT-2026-43670
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...
WordPress plugin WPCS 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Advanced IP Blocker 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-45435
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...
PT-2026-43148
Name of the Vulnerable Software and Affected Versions WP Activity Log versions prior to 5.6.4 Description Improper neutralization of input during web page generation in Melapress WP Activity Log allows for DOM-Based Cross-site Scripting XSS, a flaw where the application contains client-side...
WordPress plugin WP Activity Log 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2026-47099
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
TeleJSON 跨站脚本漏洞
TeleJSON is an open-source JSON extension library developed by Storybook that supports complex data types. Versions of TeleJSON prior to 6.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a DOM-based cross-site scripting vulnerability within the parse function...
CVE-2026-41575 th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability
In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting XSS vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been...
CVE-2026-41575 th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability
In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting XSS vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been...
IP 跨站脚本漏洞
IP is an open-source IP address query and display tool developed by th30d4y. Versions of IP from 1.0.1 to 2.0.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleaning of user input, which could lead to cross-site scripting attacks based on DOM...
CVE-2025-62127
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...
WordPress plugin WEN Logo Slider 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
DOM-based XSS in Jira Software Data Center
This High severity DOM-based XSS vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of...
CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-13362
CVE-2024-13362 concerns Freemius versions <= 2.10.1 used in multiple WordPress plugins/themes. The flaw is a reflected DOM-based XSS via the url parameter , caused by insufficient input sanitization and output escaping. Consequences: unauthenticated attackers could cause a user to execute arbi...
EUVD-2026-26366
LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...