CVE-2025-31885

CVE-2025-31885 concerns the Hyperlink Group Block WordPress plugin. The vulnerability affects Hyperlink Group Block, version 2.0.1 and earlier, with an authenticated (Contributor+) cross-site scripting flaw. The CVE description identifies a Cross-Site Scripting issue (documented as DOM-Based XSS ...

CVE-2025-31543

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Twice Commerce Twice Commerce embed-rentle allows DOM-Based XSS.This issue affects Twice Commerce: from n/a through = 1.3.1...

CVE-2025-30963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows DOM-Based XSS.This issue affects JetSmartFilters: from n/a through = 3.6.3...

CVE-2025-30903

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alex Mills SyntaxHighlighter Evolved syntaxhighlighter allows DOM-Based XSS.This issue affects SyntaxHighlighter Evolved: from n/a through = 3.7.1...

CVE-2025-26738

CVE-2025-26738 is a DOM-based XSS vulnerability in the Quick Interest Slider WordPress plugin. The vulnerability is described as Improper Neutralization of Input During Web Page Generation (XSS) and is associated with Quick Interest Slider versions from n/a through 3.1.3. The connected Wordfence ...

CVE-2025-26738 WordPress Quick Interest Slider plugin <= 3.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Graham Quick Interest Slider quick-interest-slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through = 3.1.5...

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3...

CVE-2025-30893

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LeadConnector LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector: from n/a through = 3.0.2...

CVE-2025-30893

CVE-2025-30893 affects LeadConnector plugin for WordPress (LeadConnector

CVE-2024-53967 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged...

CVE-2024-53967

CVE-2024-53967 affects Adobe Experience Manager 6.5.21 and earlier, due to a DOM-based XSS flaw that allows an attacker with low privileges to cause arbitrary code execution in the victim’s browser after user interaction. The issue stems from insufficient input handling in the DOM environment. Af...

CVE-2024-53968 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged...

CVE-2024-53968 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged...

CVE-2024-53969

Adobe Experience Manager (AEM) 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. The issue arises from DOM manipulation in the victim’s browser, allowing a low-privilege attacker to inject scripts that execute in the user’s browser session. Exploitation requ...

CVE-2025-26895 WordPress m1.DownloadList plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maennchen1.de m1.DownloadList m1downloadlist allows DOM-Based XSS.This issue affects m1.DownloadList: from n/a through = 0.19...

CVE-2025-1261

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVE-2025-27330

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PlayerJS PlayerJS playerjs allows DOM-Based XSS.This issue affects PlayerJS: from n/a through = 2.23...

CVE-2025-27320

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pankaj Mondal Profile Widget Ninja profile-widget-ninja allows DOM-Based XSS.This issue affects Profile Widget Ninja: from n/a through = 4.3...

CVE-2025-27266

CVE-2025-27266 is a DOM-based XSS in the WordPress plugin Hover Image Button, with vulnerability reported for versions up to 1.1.2 and earlier. The connected documents confirm improper input neutralization during web page generation as the root cause. No explicit fix version is provided in the su...

CVE-2024-53965

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...