190 matches found
CVE-2026-25496 Craft has a stored XSS in Number Prefix & Suffix Fields
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|raw Twig filter without proper escaping,...
CVE-2020-24582
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface...
CVE-2024-2772
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...
WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an...
CVE-2025-13537 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...
PT-2025-48221
The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
EUVD-2025-198387
The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
SelfBest 安全漏洞
SelfBest is a development-focused platform from SelfBest, Inc. in the United States. A security vulnerability exists in SelfBest version 2023.3, which stems from insufficient cleanup and escaping of chat message input fields in the chat feature, which could lead to a stored cross-site scripting...
PT-2025-45070
Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions 6.15.1.1 through 6.15.9 Description The Events Calendar plugin for WordPress is susceptible to a blind SQL injection issue. This is due to inadequate escaping of user-provided input and...
EUVD-2018-3365
Malware in sbrugna...
EUVD-2021-11598
Malware in sbrugna...
EUVD-2018-13268
Malware in sbrugna...
EUVD-2025-20516
Malicious code in bioql PyPI...
EUVD-2025-27451
Malicious code in bioql PyPI...
EUVD-2023-34182
Malicious code in bioql PyPI...
EUVD-2022-4761
Malicious code in bioql PyPI...
EUVD-2024-47883
Malicious code in bioql PyPI...
EUVD-2022-4110
Malicious code in bioql PyPI...
EUVD-2024-49892
Malicious code in bioql PyPI...
EUVD-2023-44181
Malicious code in bioql PyPI...