4382 matches found
CVE-2025-22793
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bold Bold pagos en linea bold-pagos-en-linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through = 3.1.4...
CVE-2020-15139
In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...
CVE-2020-6847
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript...
CVE-2024-53965
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...
CVE-2024-53963
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...
CVE-2024-53965
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...
CVE-2024-53963
Adobe Experience Manager (AEM) versions 6.5.21 and earlier are affected by a DOM-based XSS vulnerability that can let a low-privilege attacker execute arbitrary code in the victim’s browser. Exploitation requires user interaction via a manipulated URL/input; the issue arises from DOM handling and...
CVE-2024-53963 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...
CVE-2024-53963 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...
CVE-2024-53965 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...
CVE-2024-53965 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...
CVE-2025-23987 WordPress Designer plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codegearthemes Designer designer allows DOM-Based XSS.This issue affects Designer: from n/a through = 1.6.4...
CVE-2025-23987
CVE-2025-23987: DOM-based XSS in WordPress Designer plugin (CodegearThemes Designer) affecting Designer versions up to 1.6.0. Public records (NVD/Red Hat) reiterate the same description. Patchstack entry indicates mitigation via a fix in 1.6.4 (and later). Recommendation: upgrade to 1.6.4 or newe...
WordPress ElementsKit Pro plugin <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via url Parameter vulnerability discovered by Webbernaut in WordPress Plugin ElementsKit Pro versions = 3.7.8...
CVE-2025-0321
The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-24732
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25...
CVE-2025-24730
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.14...
CVE-2025-24732
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows DOM-Based XSS.This issue affects BookingPress: from n/a through = 1.1.25...
CVE-2025-24638
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pddring Create with Code create-with-code allows DOM-Based XSS.This issue affects Create with Code: from n/a through = 1.4...