EUVD-2026-9635

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

EUVD-2026-9617

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through = 7.6.1...

CVE-2026-27382

RadiusTheme Metro metro (≤ 2.13) is reported to be vulnerable to DOM-based XSS in web page generation. The CVE entry describes Cross-Site Scripting in Metro with this version range; patch/mitigation details are not provided in the supplied documents. Some sources list the issue as unpatched.

CVE-2026-27382

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

CVE-2026-27382 WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

CVE-2026-27382 WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

CVE-2026-27348

CVE-2026-27348 affects ThemeGoods Photography (WordPress theme). The issue is an improper neutralization of input during web page generation, enabling DOM-based XSS. Affected: Photography theme versions before 7.7.6 (per CVE entry; related sources reference Photography ≤ 7.6.x/7.7.6). Impact is D...

CVE-2026-27348 WordPress Photography theme < 7.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through 7.7.6...

CVE-2026-27348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography allows DOM-Based XSS.This issue affects Photography: from n/a before 7.7.6...

WordPress plugin Photography 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-23256

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

Gogs 跨站脚本漏洞

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2, Gogs had a cross-site scripting...

DOM-based XSS react-router-dom Dependency in Crowd Data Center

This High severity DOM-based XSS vulnerability was introduced in version 7.1.0 of Crowd Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N allows an unauthenticated attacker to execute arbitrary HTML or...

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

CVE-2026-2362

The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...

DOM-based XSS @remix-run/router Dependency in Crowd Data Center

This High severity DOM-based XSS vulnerability was introduced in version 7.1.0 of Crowd Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N allows an unauthenticated attacker to execute arbitrary HTML or JavaScrip...

CVE-2025-69368

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through = 3.0.3...

CVE-2025-67984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...

CVE-2026-24949

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods PhotoMe photome allows DOM-Based XSS.This issue affects PhotoMe: from n/a through = 5.7.1...

CVE-2025-69368

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through = 3.0.3...