Lucene search

2583 matches found

CVE
added 2025/09/22 6:23 p.m., 10 views

CVE-2025-58220

CVE-2025-58220 is a stored cross-site scripting (XSS) vulnerability in Card Elements for WPBakery, a WordPress plugin. The affected and vulnerable component is the Card Elements for WPBakery plugin.

CVSS: 6.5, AI score: 5.2, EPSS: 0.0019
Exploits: 0, References: 1

Vulnrichment
added 2025/09/22 6:23 p.m., 2 views

CVE-2025-58232 WordPress Image Editor by Pixo Plugin <= 2.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS. This issue affects Image Editor by Pixo: from n/a through <= 2.3.8...

CVSS: 6.5, AI score: 5.9, EPSS: 0.0019
Exploits: 0, References: 1

Cvelist
added 2025/09/22 6:23 p.m., 11 views

CVE-2025-58651 WordPress PlayerJS Plugin <= 2.24 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS. This issue affects PlayerJS: from n/a through <= 2.24...

CVSS: 6.5, EPSS: 0.00196
Exploits: 0, References: 1

CNNVD
added 2025/09/22 12:0 a.m., 4 views

WordPress plugin Real Estate Manager cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00196
Exploits: 0, References: 1

Positive Technologies
added 2025/09/22 12:0 a.m., 3 views

PT-2025-38798

Name of the Vulnerable Software and Affected Versions: e-plugins Directory Pro versions through 2.5.5 Description: The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting issue. This allows for potential malicious code...

CVSS: 6.5, AI score: 7, EPSS: 0.0025
Exploits: 0, References: 3

Positive Technologies
added 2025/09/22 12:0 a.m., 3 views

PT-2025-39021

Name of the Vulnerable Software and Affected Versions: WPFactory Adverts versions through 1.4 Description: A flaw exists in WPFactory Adverts that allows for DOM-Based Cross-site Scripting (XSS). This issue arises from improper neutralization of input during web page generation. The vulnerability cou...

CVSS: 6.5, AI score: 6.1, EPSS: 0.0025
Exploits: 0, References: 3

Cvelist
added 2025/09/05 1:45 p.m., 10 views

CVE-2025-58870 WordPress WP-GraphViz Plugin <= 1.5.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP-GraphViz wp-graphviz allows DOM-Based XSS. This issue affects WP-GraphViz: from n/a through <= 1.5.1...

CVSS: 6.5, EPSS: 0.00154
Exploits: 0, References: 1

Cvelist
added 2025/09/05 1:45 p.m., 10 views

CVE-2025-58834 WordPress short.io Plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gugu short.io wp-shortcm allows DOM-Based XSS. This issue affects short.io: from n/a through <= 2.4.2...

CVSS: 6.5, EPSS: 0.00202
Exploits: 0, References: 1

Cvelist
added 2025/09/05 1:45 p.m., 10 views

CVE-2025-58822 WordPress WP Mail Plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows DOM-Based XSS. This issue affects WP Mail: from n/a through <= 1.3...

CVSS: 6.5, EPSS: 0.00202
Exploits: 0, References: 1

CNNVD
added 2025/09/03 12:0 a.m., 2 views

WordPress plugin Pie Calendar cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS: 6.5, AI score: 5.9, EPSS: 0.0019
Exploits: 0, References: 1

RedhatCVE
added 2025/08/30 6:20 p.m., 3 views

CVE-2025-58212

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir epeken-all-kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through <= 2.0.1...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00154
Exploits: 0, References: 1

Positive Technologies
added 2025/08/27 12:0 a.m., 3 views

PT-2025-34923 · Epeken · Epeken Kurir

Name of the Vulnerable Software and Affected Versions: epeken Epeken All Kurir versions through 2.0.1 Description: The software contains a DOM-Based Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Update to a version later than...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00154
Exploits: 0, References: 4

GithubExploit
added 2025/08/22 6:8 a.m., 144 views

Exploit for CVE-2025-60739

ilevia-EVE-X1-Server-CSRF ilevia EVE X1 Server /bhwebbackend...

AI score: 6.4, EPSS: 0.00276
Exploits: 4

Vulnrichment
added 2025/08/20 5:8 p.m., 3 views

CVE-2025-47054 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...

CVSS: 5.4, AI score: 5.8, EPSS: 0.0033
Exploits: 0, References: 1

Cvelist
added 2025/08/15 6:40 a.m., 11 views

CVE-2025-8451 Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items'

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. Thi...

CVSS: 6.4, EPSS: 0.00222
Exploits: 0, References: 3

Positive Technologies
added 2025/08/14 12:0 a.m., 2 views

PT-2025-33198 · Unknown · Thanhd Supermalink

Name of the Vulnerable Software and Affected Versions: ThanhD Supermalink versions n/a through 1.1 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a DOM-Based Cross-site Scripting condition. Recommendations: Versions prior to 1.2...

CVSS: 6.5, AI score: 6, EPSS: 0.0019
Exploits: 0, References: 3

Vulnrichment
added 2025/07/28 7:53 p.m., 4 views

CVE-2025-54423 copyparty has a DOM-Based XSS vulnerability when displaying multimedia metadata

copyparty is a portable file server. In versions up to and including 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5...

CVSS: 5.4, AI score: 7.1, EPSS: 0.00378
Exploits: 1, References: 3

OSV
added 2025/07/28 4:41 p.m., 5 views

GHSA-9Q4R-X2HJ-JMVR copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata

Summary: An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. Details: Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two way...

CVSS: 5.4, AI score: 7.1, EPSS: 0.00378
Exploits: 1, References: 5

RedhatCVE
added 2025/07/24 12:27 p.m., 11 views

CVE-2025-4284

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Rolantis Information Technologies Agentis allows Reflected XSS, DOM-Based XSS. This issue affects Agentis: before 4.32...

CVSS: 6.1, AI score: 5.4, EPSS: 0.0019
Exploits: 0, References: 1

CVE
added 2025/07/22 11:31 a.m., 16 views

CVE-2025-4284

CVE-2025-4284 affects Rolantis Information Technologies’ Agentis (pre-4.32). The issue is an Improper Neutralization of Input During Web Page Generation that enables Reflected XSS and DOM-Based XSS. Per the sources, the vulnerability impacts Agentis versions before 4.32, with CVSSv3.1 base metric...

CVSS: 6.1, AI score: 5.4, EPSS: 0.0019
Exploits: 0, References: 2