12 matches found
CVE-2025-23525
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS. This issue affects Kv Compose Email From Dashboard: from n/a through <= 1.1...
EUVD-2019-8023
Malware in sbrugna...
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
CVE-2022-0674
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2025-23525
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS. This issue affects Kv Compose Email From Dashboard: from n/a through <= 1.1...
CVE-2025-23525
CVE-2025-23525 is a reflected cross-site scripting vulnerability in the WordPress plugin Kv Compose Email From Dashboard (Kv Send Email From Admin) with affected versions up to 1.1. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. Public sour...
D-Link DIR-X3260 security vulnerability
The D-Link DIR-X3260 is a mainstream router from D-Link that supports Wi-Fi 6. The D-Link DIR-X3260 suffers from a command injection vulnerability that stems from the SetSysEmailSettings EmailFrom command injection remote code execution vulnerability. An attacker can exploit this vulnerability to...
CVE-2023-6042
Any unauthenticated user may send e-mail from the site with any title or content to the admin...
CVE-2022-0674
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
vtenext cross-site scripting vulnerability
vtenext is a unique open source CRM + BPM solution for comprehensive management of leads, contacts and customers. A cross-site scripting vulnerability exists in the Messaging module of vtenext version 19 CE. The vulnerability can be exploited to inject arbitrary JavaScript code via the "From" fie...
CVE-2020-10227
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email...
SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery Vulnerabilities
Exploit Title: SafeSHOP | www.DigitalWhisper.co.il; Software Link: safeshop.co.il; Version: = 1.5.6; Tested on: ASP. Cross Site Scripting: Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site...