4382 matches found
CVE-2025-50033
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Fitness Park fitness-park allows DOM-Based XSS. This issue affects Fitness Park: from n/a through <= 1.1.1...
CVE-2025-50037
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows DOM-Based XSS. This issue affects Buying Buddy IDX CRM: from n/a through <= 2.3.0...
PT-2025-26598 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2025.03.3 Description: A DOM-based XSS issue was found at the Performance Monitor page. Recommendations: For versions prior to 2025.03.3, update to version 2025.03.3 or later to resolve the issue...
The vulnerability of the data visualization plugin in the Grafana XY Chart Plugin system arises from the lack of security measures taken to protect the structure of the web page. This allows attackers to execute DOM-based XSS attacks.
The vulnerability of the data visualization plugin in the Grafana XY Chart Plugin exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute a DOM-based XSS attack remotely...
CVE-2025-52552
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers to execute malicious JavaScript or redirect them to...
CVE-2025-52552 FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers to execute malicious JavaScript or redirect them to...
CVE-2025-52552
CVE-2025-52552 concerns FastGPT, where the LastRoute Parameter on the login page, in versions prior to 4.9.12, is vulnerable to open redirects and DOM-based XSS due to improper validation and lack of sanitization. This can allow an attacker to execute malicious JavaScript or redirect users to att...
PT-2025-26492
Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.9.12 Description: The issue concerns the LastRoute Parameter on the login page, which is vulnerable to open redirect and DOM-based XSS due to improper validation and lack of sanitization. This allows attackers to...
CVE-2025-52733
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anonform Ab ANON::form embedded secure form anonform-embedded-secure-form allows DOM-Based XSS. This issue affects ANON::form embedded secure form: from n/a through <= 1.7...
CVE-2025-50045
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ProWCPlugins Related Products Manager for WooCommerce related-products-manager-woocommerce allows DOM-Based XSS. This issue affects Related Products Manager for WooCommerce: from n/a through <= 1.6.2...
CVE-2025-50030
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Spark Multipurpose spark-multipurpose allows DOM-Based XSS. This issue affects Spark Multipurpose: from n/a through <= 1.0.7...
CVE-2025-50037 WordPress Buying Buddy IDX CRM plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buying Buddy Buying Buddy IDX CRM allows DOM-Based XSS. This issue affects Buying Buddy IDX CRM: from n/a through 2.3.0...
CVE-2025-50045
CVE-2025-50045 concerns the WordPress plugin Related Products Manager for WooCommerce (versions up to and including 1.6.2). The issue is a DOM-based XSS caused by improper neutralization of input during web page generation. This vulnerability can enable a malicious actor to inject script via inpu...
CVE-2025-52733
CVE-2025-52733 concerns the WordPress plugin ANON::form embedded secure form (versions
PT-2025-26410 · Unknown · Anon::Form
Name of the Vulnerable Software and Affected Versions: ANON::form embedded secure form versions 1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS in the ANON::form...
PT-2025-26386 · Unknown · Sparkle Themes Fitness Park
Name of the Vulnerable Software and Affected Versions: Sparkle Themes Fitness Park versions n/a through 1.1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attack...
PT-2025-26396 · Woocommerce · Related Products Manager For Woocommerce
Name of the Vulnerable Software and Affected Versions: Related Products Manager for WooCommerce versions 1.6.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means...