CVE-2025-47049 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue...

CVE-2025-47049

Adobe Experience Manager (AEM) 6.5.22 and earlier is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. The issue allows malicious JavaScript execution in a victim’s browser when a user visits a specially crafted page; exploitation requires user interaction. Multiple connected sour...

CVE-2025-26395 SolarWinds SWOSH DOM-based reflective XSS Vulnerability

SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting XSS vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required...

PT-2025-25115 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this problem by manipulating the DOM environment to execute malicious JavaScript with...

CVE-2025-30935

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NickDuncan Contact Form contact-form-ready allows DOM-Based XSS.This issue affects Contact Form: from n/a through = 2.0.12...

CVE-2025-49301

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows DOM-Based XSS.This issue affects Greenshift: from n/a through = 11.5.5...

CVE-2025-27334

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ángel C. Simple Google Static Map simple-google-static-map allows DOM-Based XSS.This issue affects Simple Google Static Map: from n/a through = 1.0.1...

CVE-2025-49301

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows DOM-Based XSS.This issue affects Greenshift: from n/a through = 11.5.5...

CVE-2025-30935

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NickDuncan Contact Form contact-form-ready allows DOM-Based XSS.This issue affects Contact Form: from n/a through = 2.0.12...

CVE-2025-27334

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ángel C. Simple Google Static Map simple-google-static-map allows DOM-Based XSS.This issue affects Simple Google Static Map: from n/a through = 1.0.1...

CVE-2025-27334 WordPress Simple Google Static Map plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ángel C. Simple Google Static Map simple-google-static-map allows DOM-Based XSS.This issue affects Simple Google Static Map: from n/a through = 1.0.1...

CVE-2025-27334

CVE-2025-27334 affects the WordPress plugin Simple Google Static Map (≤1.0.1). Wordfence documentation confirms an authenticated, stored Cross-Site Scripting (DOM-based) vulnerability caused by improper input handling during web-page generation. Impact is listed as Medium (CVSS-like metrics aroun...

CVE-2025-30935

CVE-2025-30935 affects the WordPress plugin Contact Form-ready (Contact Form). It is a DOM-based XSS vulnerability in input handling during web page generation, with affected versions from n/a through 2.0.12. The public risk details in the provided documents indicate a CVSSv3.1 base score of 6.5 ...

CVE-2025-49301 WordPress Greenshift plugin <= 11.5.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows DOM-Based XSS.This issue affects Greenshift: from n/a through = 11.5.5...

CVE-2025-49301

CVE-2025-49301 relates to Greenshift (Greenshift – animation and page builder blocks). It describes a DOM-Based Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Affected range: Greenshift from n/a through 11.5.5. The CVE notes a Medium i...

WordPress plugin Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

PT-2025-24119 · Unknown · Simple Google Static Map

Name of the Vulnerable Software and Affected Versions: Simple Google Static Map versions 1.0.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS in Ángel C. Simple Google...

WordPress plugin Simple Google Static Map 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2025-5096

The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. Th...

CVE-2025-23890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tom Ewer Easy Tweet Embed easy-tweet-embed allows DOM-Based XSS.This issue affects Easy Tweet Embed: from n/a through = 1.7...