PT-2025-50057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through = 2.3.6...

EUVD-2025-198474

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.13.1.2...

CVE-2025-66093

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 4.8...

CVE-2025-66090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through = 2.5...

CVE-2025-66093

The CVE-2025-66093 entry concerns the WordPress plugin Extensions for Leaflet Map (extensions-leaflet-map). The issue is a DOM-based XSS caused by improper input neutralization during web page generation, affecting Extensions for Leaflet Map versions up to 4.8. Wordfence notes this vulnerability ...

CVE-2025-66090

CVE-2025-66090 is a DOM-Based XSS in WordPress plugin SKT Skill Bar (versions <= 2.5). The issue arises from improper input neutralization during web page generation, enabling cross-site scripting. Affected: SKT Skill Bar plugin for WordPress. CVSSv3.1 base score 6.5 (Network, Low/Low/Low) wit...

CVE-2025-66090 WordPress SKT Skill Bar plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through = 2.5...

PT-2025-47742

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.13.1.2...

CVE-2025-63883

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 Bhabishya-123/E-commerce. The site's client-side JavaScript reads attacker-controlled input for example, values derived from the URL or page fragment and inserts it into the DOM via unsafe sinks...

CVE-2025-59840

A cross-site scripting XSS vulnerability has been identified in the Vega visualization library when applications accept user-supplied Vega specifications and expose Vega objects on the global browser window. An attacker can craft a malicious Vega specification that triggers hidden JavaScript...

EUVD-2025-163772

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through = 1.6.2...

CVE-2025-11892

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful exploitation requires an attacker to have...

CVE-2025-62032

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through 3.9.2...

CVE-2025-64362

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through 5.5.0...

CVE-2025-64362

The CVE-2025-64362 entry maps to a DOM-based Cross-Site Scripting (XSS) in the WordPress plugin K Elements (SeventhQueen K Elements) prior to version 5.5.0. Multiple connected sources describe a flaw arising from improper input handling during web page generation, allowing arbitrary script execut...

PT-2025-44616

Name of the Vulnerable Software and Affected Versions colabrio Ohio Extra versions through 3.6.0 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-Site Scripting issue. This allows for the potential execution of...

CVE-2025-64208

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS.This issue affects Jannah - Extensions: from n/a through = 1.1.4...

CVE-2025-64202

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through 5.8.6...

CVE-2025-64202

CVE-2025-64202 relates to the WordPress Sahifa theme prior to 5.8.6. The issue is a DOM-based XSS caused by improper input neutralization during web page generation. Affected software: Sahifa (WordPress theme) versions before 5.8.6. Severity according to provided metrics is low to medium (CVSS 6....

CVE-2025-62923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debuggers Studio Marquee Addons for Elementor marquee-addons-for-elementor allows DOM-Based XSS.This issue affects Marquee Addons for Elementor: from n/a through = 3.8.2...