4382 matches found
CVE-2025-24573
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softaculous PageLayer pagelayer allows DOM-Based XSS.This issue affects PageLayer: from n/a through = 1.9.4...
CVE-2025-24578
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.0...
CVE-2025-24730 WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.14...
CVE-2025-24730
CVE-2025-24730 is a DOM-based XSS vulnerability in the WordPress plugin WP VR (Rextheme) , caused by improper input neutralization during web page generation. Affected versions are up to and including 8.5.14. Public sources (Wordfence, Patchstack, Red Hat) indicate the issue exists and that remed...
CVE-2025-24730 WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.14...
CVE-2025-24638 WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4...
CVE-2025-24638 WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pddring Create with Code create-with-code allows DOM-Based XSS.This issue affects Create with Code: from n/a through = 1.4...
CVE-2025-24573 WordPress Pagelayer plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softaculous PageLayer pagelayer allows DOM-Based XSS.This issue affects PageLayer: from n/a through = 1.9.4...
CVE-2025-24578 WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.0...
CVE-2025-24578 WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.0...
PT-2025-5418 · Elementor · Elementinvader Addons For Elementor
Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor versions 1.3.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potentia...
PT-2025-5544 · Rextheme · Rextheme Wp Vr
Name of the Vulnerable Software and Affected Versions: Rextheme WP VR versions through 8.5.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This enables potential attackers to execu...
PT-2025-5465 · Unknown · Create With Code
Name of the Vulnerable Software and Affected Versions: Create with Code versions n/a through 1.4 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This enables potential attackers to inject malicious scripts into the...
Directus has a DOM-Based cross-site scripting (XSS) via layout_options
Impact Directus allows an authenticated attacker to save cross site scripting code to the database. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...
GHSA-WPHC-5F2J-JHVG Unauthenticated DOM Based XSS in YesWiki
Unauthenticated DOM Based XSS in YesWiki ' . "\n"; if $nbtotal 1 $output .= t'TAGSTOTALNBPAGES', 'nbtotal' = $nbtotal; elseif $nbtotal == 1 $output .= t'TAGSONEPAGEFOUND'; else $output .= t'TAGSNOPAGE'; $output .= !empty$tabselectedtags ? ' ' . t'TAGSWITHKEYWORD' . ' ' . implode' '...
CVE-2025-24017
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...
CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...
CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...
PT-2025-5261
Name of the Vulnerable Software and Affected Versions YesWiki versions up to and including 4.4.5 Description The vulnerability allows any end-user to craft a DOM based XSS on all of YesWiki's pages, which is triggered when a user clicks on a malicious link. This issue makes use of the search by t...
CVE-2025-23896
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thom4 Mindmeister Shortcode mindmeister-shortcode allows DOM-Based XSS.This issue affects Mindmeister Shortcode: from n/a through = 1.0...