CVE-2025-67549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...

PT-2025-50395

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...

PT-2025-50371

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the...

PT-2025-50375

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...

PT-2025-50376

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...

CVE-2025-67495

ZITADEL’s DOM-Based XSS in Zitadel V2 logout (CVE-2025-67495) affects 4.0.0-rc.1 through 4.7.0 via the /logout endpoint, where the post_logout_redirect parameter could be used to route malicious JavaScript to a user’s browser. The issue requires multiple active sessions in the same browser and is...

EUVD-2025-202093

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: from n/a through = 1.5.2...

EUVD-2025-202105

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a through 2.6...

EUVD-2025-202094

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WalkerWP Walker Core walker-core allows DOM-Based XSS.This issue affects Walker Core: from n/a through = 1.3.17...

EUVD-2025-201968

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hogash Kallyas kallyas allows DOM-Based XSS.This issue affects Kallyas: from n/a through = 4.22.0...

EUVD-2025-201998

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.7...

CVE-2025-67539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a through 2.6...

CVE-2025-67542

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SilkyPress Multi-Step Checkout for WooCommerce wp-multi-step-checkout allows DOM-Based XSS.This issue affects Multi-Step Checkout for WooCommerce: from n/a through = 2.33...

CVE-2025-63044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through = 1.4.19.1...

CVE-2025-63045

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through = 3.7.12...

CVE-2025-63073 WordPress The7 theme < 12.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects The7: from n/a through 12.9.0...

CVE-2025-63046 WordPress ListingPro plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS.This issue affects ListingPro: from n/a through = 2.9.9...

CVE-2025-63048 WordPress ListingPro Lead Form plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through = 1.0.7...

CVE-2025-63037 WordPress Ronneby Theme Core plugin <= 1.5.68 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through = 1.5.68...

CVE-2025-63011

CVE-2025-63011 is a DOM-based XSS vulnerability in the WordPress plugin WP Hotel Booking (wp-hotel-booking) from ThimPress, affecting versions from n/a through 2.2.7. Root cause: improper neutralization of input during web page generation (XSS). Affected component is the plugin’s web page generat...