CVE-2024-53963

Adobe Experience Manager (AEM) versions 6.5.21 and earlier are affected by a DOM-based XSS vulnerability that can let a low-privilege attacker execute arbitrary code in the victim’s browser. Exploitation requires user interaction via a manipulated URL/input; the issue arises from DOM handling and...

CVE-2024-53963 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...

CVE-2024-53965 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted UR...

CVE-2025-23831 WordPress QR Code Generator plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mobstac QR Code Generator qrcode-wprhe allows DOM-Based XSS.This issue affects QR Code Generator: from n/a through = 1.2.6...

CVE-2025-23833 WordPress Links/Problem Reporter plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RaminMT Links/Problem Reporter report-broken-links allows DOM-Based XSS.This issue affects Links/Problem Reporter: from n/a through = 2.6.0...

CVE-2025-22758

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Harnani Elementor AI Addons ai-addons-for-elementor allows DOM-Based XSS.This issue affects Elementor AI Addons: from n/a through = 2.2.1...

CVE-2025-22742 WordPress WP ViewSTL plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in falldeaf WP ViewSTL wp-viewstl allows DOM-Based XSS.This issue affects WP ViewSTL: from n/a through = 1.0...

CVE-2025-22806 WordPress Black Widgets For Elementor plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows DOM-Based XSS.This issue affects Black Widgets For Elementor: from n/a through = 1.3.8...

CVE-2025-22808 WordPress Surbma | Premium WP plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Surbma Surbma | Premium WP surbma-premium-wp allows DOM-Based XSS.This issue affects Surbma | Premium WP: from n/a through = 9.0...

CVE-2023-23913

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...

CVE-2025-22500 WordPress Alpha Price Table For Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Ali Alpha Price Table For Elementor alpha-price-table-for-elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through = 1.2.0...

CVE-2025-22309 WordPress SpeakOut! Email Petitions plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RopeSwingHld SpeakOut! Email Petitions speakout allows DOM-Based XSS.This issue affects SpeakOut! Email Petitions: from n/a through = 4.4.2...

CVE-2024-56235

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vicky Kumar Coupon coupon-lite allows DOM-Based XSS.This issue affects Coupon: from n/a through = 1.2.2...

CVE-2024-54346

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 Barter barter allows DOM-Based XSS.This issue affects Barter: from n/a through = 1.6...

CVE-2024-54338

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in christerf Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through = 1.0.2...

CVE-2024-54338 WordPress Hello Event Widgets For Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in christerf Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through = 1.0.2...

CVE-2024-54338

CVE-2024-54338 affects Hello Event Widgets For Elementor (WordPress) and allows DOM-based XSS due to improper neutralization of user input during web page generation for Hello Event Widgets For Elementor

CVE-2024-54315 WordPress Events Addon for Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NicheAddons Events Addon for Elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.2...

CVE-2024-52839

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...

CVE-2024-52838

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user inpu...