CVE-2025-46972 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

PT-2025-25115 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this problem by manipulating the DOM environment to execute malicious JavaScript with...

CVE-2025-30935

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NickDuncan Contact Form contact-form-ready allows DOM-Based XSS.This issue affects Contact Form: from n/a through = 2.0.12...

CVE-2025-49301

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows DOM-Based XSS.This issue affects Greenshift: from n/a through = 11.5.5...

CVE-2025-27334

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ángel C. Simple Google Static Map simple-google-static-map allows DOM-Based XSS.This issue affects Simple Google Static Map: from n/a through = 1.0.1...

CVE-2025-49301

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows DOM-Based XSS.This issue affects Greenshift: from n/a through = 11.5.5...

CVE-2025-30935

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NickDuncan Contact Form contact-form-ready allows DOM-Based XSS.This issue affects Contact Form: from n/a through = 2.0.12...

CVE-2025-27334

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ángel C. Simple Google Static Map simple-google-static-map allows DOM-Based XSS.This issue affects Simple Google Static Map: from n/a through = 1.0.1...

CVE-2025-27334 WordPress Simple Google Static Map plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ángel C. Simple Google Static Map simple-google-static-map allows DOM-Based XSS.This issue affects Simple Google Static Map: from n/a through = 1.0.1...

CVE-2025-27334

CVE-2025-27334 affects the WordPress plugin Simple Google Static Map (≤1.0.1). Wordfence documentation confirms an authenticated, stored Cross-Site Scripting (DOM-based) vulnerability caused by improper input handling during web-page generation. Impact is listed as Medium (CVSS-like metrics aroun...

CVE-2025-30935

CVE-2025-30935 affects the WordPress plugin Contact Form-ready (Contact Form). It is a DOM-based XSS vulnerability in input handling during web page generation, with affected versions from n/a through 2.0.12. The public risk details in the provided documents indicate a CVSSv3.1 base score of 6.5 ...

CVE-2025-49301

CVE-2025-49301 relates to Greenshift (Greenshift – animation and page builder blocks). It describes a DOM-Based Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Affected range: Greenshift from n/a through 11.5.5. The CVE notes a Medium i...

PT-2025-24119 · Unknown · Simple Google Static Map

Name of the Vulnerable Software and Affected Versions: Simple Google Static Map versions 1.0.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS in Ángel C. Simple Google...

CVE-2025-23890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tom Ewer Easy Tweet Embed easy-tweet-embed allows DOM-Based XSS.This issue affects Easy Tweet Embed: from n/a through = 1.7...

CVE-2025-23891

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vincent Loy Yet Another Countdown yacp allows DOM-Based XSS.This issue affects Yet Another Countdown: from n/a through = 1.0.1...

CVE-2025-24732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows DOM-Based XSS.This issue affects BookingPress: from n/a through = 1.1.25...

CVE-2025-24578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.0...

CVE-2025-22743

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode twitter-bootstrap-collapse-aka-accordian-shortcode allows DOM-Based XSS.This issue affects Twitter Bootstrap Collapse aka Accordian...

CVE-2025-22312

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows DOM-Based XSS.This issue affects Thim Elementor Kit: from n/a through = 1.2.9...

CVE-2025-22584

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginsPoint Timeline Pro timeline-pro allows DOM-Based XSS.This issue affects Timeline Pro: from n/a through = 1.3...