Lucene search
K

353 matches found

Cvelist
Cvelist
added 2026/03/13 11:42 a.m.27 views

CVE-2026-32419 WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through = 0.93.1...

5.9CVSS0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.29 views

CVE-2026-32403 WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

6.5CVSS0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

WordPress plugin Robo Gallery 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 12:23 a.m.3 views

CVE-2026-27247 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.9 views

EUVD-2026-10440

Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting XSS vulnerability. This issue ha...

6.1CVSS5.8AI score0.00215EPSS
Exploits0References3
NVD
NVD
added 2026/03/10 5:31 p.m.10 views

CVE-2026-0489

Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting XSS vulnerability. This issue ha...

6.1CVSS0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.30 views

CVE-2026-27382 WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:53 a.m.18 views

CVE-2026-27382

RadiusTheme Metro metro (≤ 2.13) is reported to be vulnerable to DOM-based XSS in web page generation. The CVE entry describes Cross-Site Scripting in Metro with this version range; patch/mitigation details are not provided in the supplied documents. Some sources list the issue as unpatched.

7.1CVSS5.9AI score0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:53 a.m.4 views

CVE-2026-27348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography allows DOM-Based XSS.This issue affects Photography: from n/a before 7.7.6...

7.1CVSS5.9AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.6 views

WordPress plugin Photography 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.1CVSS5.7AI score0.00191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.9 views

PT-2026-23256

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through = 2.13...

5.9AI score0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.18 views

Gogs 跨站脚本漏洞

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2, Gogs had a cross-site scripting...

7.3CVSS7.1AI score0.00184EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 6:16 p.m.9 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS0.00366EPSS
Exploits1References3
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2025-69367

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through = 4.4.3...

7.1CVSS0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.21 views

CVE-2025-68856 WordPress Mopinion Feedback Form plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in keeswolters Mopinion Feedback Form mopinion-feedback-form allows DOM-Based XSS.This issue affects Mopinion Feedback Form: from n/a through = 1.1.1...

7.1CVSS0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.3 views

CVE-2025-68854 WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through = 2.1.2...

5.3AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.22 views

CVE-2025-67984 WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...

7.1CVSS0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.7 views

WordPress plugin ID Arrays 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

7.1CVSS5.7AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

WordPress plugin NPS computy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.4 views

PT-2026-21149

Name of the Vulnerable Software and Affected Versions GT3themes Oyster - Photography WordPress Theme versions through 4.4.3 Description The GT3themes Oyster - Photography WordPress Theme contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-si...

5.3AI score0.00256EPSS
Exploits0References3
Rows per page
Query Builder