CVE-2025-48368 GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting XSS vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim'...

CVE-2020-7050

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...

CVE-2020-6845

An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack...

CVE-2020-15952

Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based...

CVE-2025-39450

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through = 2.2.7...

CVE-2025-39369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page posts-for-page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through = 2.1...

CVE-2025-48235

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bogdan Bendziukov WP Image Mask wp-image-mask allows DOM-Based XSS.This issue affects WP Image Mask: from n/a through = 3.1.2...

CVE-2025-48234

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through = 3.3.0...

CVE-2025-48270

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Blocks skt-blocks allows DOM-Based XSS.This issue affects SKT Blocks: from n/a through = 2.2...

CVE-2025-48269

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through = 2.2.3...

CVE-2025-39450 WordPress JetTabs plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through = 2.2.7...

CVE-2025-39450

CVE-2025-39450 is a DOM-based XSS vulnerability in Crocoblock JetTabs (WordPress plugin) affecting JetTabs versions 2.2.7 and earlier. The issue stems from improper input neutralization during web page generation, enabling client-side script execution via crafted input. Connected sources (PT-2025...

CVE-2025-39369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page posts-for-page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through = 2.1...

CVE-2025-39369

CVE-2025-39369 affects WordPress Posts for Page plugin (≤ 2.1). Root cause: improper neutralization of input during web page generation, enabling DOM-based XSS. Impact per sources: cross-site scripting with low privileges and user interaction required; affected versions are n/a through 2.1. Publi...

CVE-2025-39369 WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page posts-for-page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through = 2.1...

CVE-2025-39369 WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through 2.1...

CVE-2025-48269

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through = 2.2.3...

CVE-2025-48270

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Blocks skt-blocks allows DOM-Based XSS.This issue affects SKT Blocks: from n/a through = 2.2...

CVE-2025-48235

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bogdan Bendziukov WP Image Mask wp-image-mask allows DOM-Based XSS.This issue affects WP Image Mask: from n/a through = 3.1.2...

CVE-2025-48234

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through = 3.3.0...