CVE-2025-66093 WordPress Extensions for Leaflet Map plugin <= 4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 4.8...

CVE-2025-66093 WordPress Extensions for Leaflet Map plugin <= 4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 4.8...

CVE-2025-66093

The CVE-2025-66093 entry concerns the WordPress plugin Extensions for Leaflet Map (extensions-leaflet-map). The issue is a DOM-based XSS caused by improper input neutralization during web page generation, affecting Extensions for Leaflet Map versions up to 4.8. Wordfence notes this vulnerability ...

CVE-2025-66090

CVE-2025-66090 is a DOM-Based XSS in WordPress plugin SKT Skill Bar (versions &lt;= 2.5). The issue arises from improper input neutralization during web page generation, enabling cross-site scripting. Affected: SKT Skill Bar plugin for WordPress. CVSSv3.1 base score 6.5 (Network, Low/Low/Low) wit...

EUVD-2025-198458

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through = 2.5...

CVE-2025-66090 WordPress SKT Skill Bar plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through = 2.5...

CVE-2025-66057 WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through = 5.5.2...

CVE-2025-66057

The CVE refers to Bold Page Builder (WordPress) with a DOM-based XSS due to improper input handling during web page generation. Affected: Bold Page Builder, versions up to and including 5.5.2. Impact described in connected sources indicates a Stored Cross-Site Scripting issue that can affect auth...

PT-2025-47742

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.13.1.2...

WordPress TP WooCommerce Product Gallery plugin <= 1.1.9 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin TP WooCommerce Product Gallery versions = 1.1.9...

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...

PT-2025-47327

Name of the Vulnerable Software and Affected Versions electic-shop version 1.0 Description A DOM-based cross-site scripting issue exists where the client-side JavaScript reads attacker-controlled input and inserts it into the DOM via unsafe sinks, specifically innerHTML, insertAdjacentHTML, and...

E-commerce 安全漏洞

E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce v1.0, which originates from DOM-type cross-site scripting and could lead to arbitrary JavaScript execution...

CVE-2025-63883

CVE-2025-63883 affects electic-shop v1.0. The vulnerability is a DOM-based XSS in client-side code that reads attacker-controlled input (e.g., URL parameters or fragment) and writes it into the DOM using unsafe sinks such as innerHTML, insertAdjacentHTML, or document.write without proper sanitiza...

CVE-2025-59840

A cross-site scripting XSS vulnerability has been identified in the Vega visualization library when applications accept user-supplied Vega specifications and expose Vega objects on the global browser window. An attacker can craft a malicious Vega specification that triggers hidden JavaScript...

EUVD-2025-163772

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through = 1.6.2...

CVE-2025-64292 WordPress Analytics Germanized for Google Analytics plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through = 1.6.2...

CVE-2025-64292 WordPress Analytics Germanized for Google Analytics plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through = 1.6.2...

CVE-2025-64292

CVE-2025-64292: WordPress Analytics Germanized for Google Analytics (ga-germanized)