DRUPAL-CONTRIB-2026-033

This module enables you to obfuscate email addresses in content. The module doesn't sufficiently sanitize user input via the Twig filter. This vulnerability is mitigated by the fact that it only affects sites using the ROT13 encoding and where an attacker can enter content that is filtered using...

PT-2026-34625

Name of the Vulnerable Software and Affected Versions Obfuscate versions 0.0.0 through 2.0.1 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module, which obfuscates email addresses in content, fails to sufficiently sanitize user input...

CVE-2023-50720

XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's...

EUVD-2025-4016

Malicious code in bioql PyPI...

EUVD-2025-7811

Malicious code in bioql PyPI...

CVE-2023-34467

XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing...

DRUPAL-CONTRIB-2025-029

This module enables you to obfuscate email addresses, to avoid them being easily available to spammers. The module doesn't sufficiently sanitise input when ROT13 encoding is used. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to enter specific HTML...

CVE-2025-27823

An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Si...

CVE-2025-27823

An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Si...

CVE-2025-27823

CVE-2025-27823 concerns the Mail Disguise module for Backdrop CMS, prior to version 1.x-1.0.5. The issue arises from insufficient validation of the data attribute value on links, which can enable a Cross Site Scripting (XSS) vulnerability if an attacker can insert anchor elements containing data ...

CVE-2025-27823

An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Si...

DRUPAL-CONTRIB-2025-016

This module enables your site to obfuscate Email addresses and prevent spambots to collect them. The module doesn't sanitize HTML data attributes when an email address link is transformed to separate span HTML elements and then transformed back by JavaScript leading to a Cross Site Scripting XSS...

CVE-2025-25076

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicholaswilson Graceful Email Obfuscation graceful-email-obfuscation allows Stored XSS.This issue affects Graceful Email Obfuscation: from n/a through = 0.2.2...

CVE-2025-25076

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicholaswilson Graceful Email Obfuscation graceful-email-obfuscation allows Stored XSS.This issue affects Graceful Email Obfuscation: from n/a through = 0.2.2...

CVE-2025-25076

CVE-2025-25076 affects the WordPress plugin Graceful Email Obfuscation (versions up to 0.2.2). It enables a stored Cross-Site Scripting (XSS) due to improper input neutralization during web page generation. Public references in the provided documents confirm the vulnerability and affected scope, ...

CVE-2025-25076 WordPress Graceful Email Obfuscation plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicholaswilson Graceful Email Obfuscation graceful-email-obfuscation allows Stored XSS.This issue affects Graceful Email Obfuscation: from n/a through = 0.2.2...

CVE-2025-25076 WordPress Graceful Email Obfuscation plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2...

PT-2025-5915 · Nicholaswilson · Graceful Email Obfuscation

Name of the Vulnerable Software and Affected Versions: nicholaswilson Graceful Email Obfuscation versions 0.2.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...

WordPress plugin Graceful Email Obfuscation 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

WordPress Graceful Email Obfuscation plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Graceful Email Obfuscation versions = 0.2.2...