CVE-2025-47049 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue...

CVE-2025-47049

Adobe Experience Manager (AEM) 6.5.22 and earlier is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. The issue allows malicious JavaScript execution in a victim’s browser when a user visits a specially crafted page; exploitation requires user interaction. Multiple connected sour...

CVE-2024-52349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Md. Shiddikur Rahman Awesome Tool Tip awesome-tool-tip allows DOM-Based XSS.This issue affects Awesome Tool Tip: from n/a through = 1.0...

CVE-2024-54250

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through = 3.0.8...

CVE-2024-51799

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vadim Bogaiskov Bg Patriarchia BU bg-patriarchia-bu allows DOM-Based XSS.This issue affects Bg Patriarchia BU: from n/a through = 2.2.3...

CVE-2024-51931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shazahanul Islam Shohag AzonBox azonbox allows DOM-Based XSS.This issue affects AzonBox: from n/a through = 1.1.2...

CVE-2024-51841

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abdul Awal Uzzal File Select Control For Elementor file-select-control-for-elementor allows DOM-Based XSS.This issue affects File Select Control For Elementor: from n/a through = 1.3...

CVE-2024-51797

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Md. Shiddikur Rahman Ultimate Accordion ultimate-accordion allows DOM-Based XSS.This issue affects Ultimate Accordion: from n/a through = 1.0...

CVE-2024-51916

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Creative Brahma Multifox Plus multifox-plus allows DOM-Based XSS.This issue affects Multifox Plus: from n/a through = 1.1.6...

CVE-2024-51893

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FixoLab Postify: Post Layout For Elementor postify-for-elementor allows DOM-Based XSS.This issue affects Postify: Post Layout For Elementor: from n/a through = 1.0.1...

CVE-2024-51598

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kendysond Selar.co Widget selar-co-widget allows DOM-Based XSS.This issue affects Selar.co Widget: from n/a through = 1.2...

CVE-2024-53772

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Mail Picker mail-picker allows DOM-Based XSS.This issue affects Mail Picker: from n/a through = 1.0.15...

CVE-2024-50547

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mark Hodder Themedy Toolbox themedy-toolbox allows DOM-Based XSS.This issue affects Themedy Toolbox: from n/a through = 1.0.16...

CVE-2024-51912

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lilaeamedia IntelliWidget Elements intelliwidget-elements allows DOM-Based XSS.This issue affects IntelliWidget Elements: from n/a through = 2.2.7...

CVE-2021-23027

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...

CVE-2020-8348

A DOM-based cross-site scripting XSS vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing...

CVE-2017-17678

BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting XSS. A DOM-based cross-site scripting vulnerability was discovered in a legacy utility...

CVE-2025-39450

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through = 2.2.7...

CVE-2025-48135

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aptivadadev Aptivada for WP aptivada-for-wp allows DOM-Based XSS.This issue affects Aptivada for WP: from n/a through = 2.0.0...

CVE-2025-47493 WordPress Ultimate Blocks plugin <= 3.2.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through = 3.2.9...