CVE-2025-32230

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through = 3.4.0...

CVE-2025-32073

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting XSS.This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43...

CVE-2025-32073

CVE-2025-32073 concerns the MediaWiki - HTML Tags extension, with versions 1.39 through 1.43 affected. The root cause is improper input validation, enabling cross-site scripting (XSS). Connected sources corroborate the impact as an HTML Tags XSS vulnerability in MediaWiki. Exploitation details ar...

CVE-2025-32073 System message XSS in HTMLTags

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting XSS.This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43...

CVE-2025-32073 System message XSS in HTMLTags

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting XSS.This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43...

PT-2025-16137 · Mediawiki · Mediawiki

Name of the Vulnerable Software and Affected Versions: Mediawiki - HTML Tags versions 1.39 through 1.43 Description: The issue is related to improper input validation, allowing Cross-Site Scripting XSS in Mediawiki - HTML Tags. This is due to a lack of proper validation of user input, which can...

MediaWiki 输入验证错误漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki - HTML Tags versions 1.39 through 1.43, which stems from...

WordPress plugin Tutor LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-32200

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Cross-site Scripting (XSS)

django-tomselect is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization due to user-supplied values not being fully escaped in form widget attributes, allowing potentially dangerous HTML tags to be rendered in the browser...

CVE-2025-30676

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue...

CVE-2025-31604

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Cal.com Cal.com cal-com allows Stored XSS.This issue affects Cal.com: from n/a through = 1.0.0...

CVE-2025-31575

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Vasilis Triantafyllou Flag Icons language-icons-flags-switcher allows Stored XSS.This issue affects Flag Icons: from n/a through = 2.2...

CVE-2025-30676

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue...

CVE-2025-31575

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Vasilis Triantafyllou Flag Icons language-icons-flags-switcher allows Stored XSS.This issue affects Flag Icons: from n/a through = 2.2...

CVE-2025-31575

Technical details for CVE-2025-31575 are not disclosed in the provided documents; the corpus does not specify affected products, versions, root cause, impact, or fix beyond the high-level description.

CVE-2025-22501

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Improve My City Improve My City improve-my-city allows Reflected XSS.This issue affects Improve My City: from n/a through = 1.6...

CVE-2025-31465

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cornershop Better Section Navigation Widget better-section-navigation allows Stored XSS.This issue affects Better Section Navigation Widget: from n/a through = 1.6.1...

The vulnerability of SimpleOne Platform’s software lies in the lack of measures taken to eliminate scipt-related HTML tags on web pages. This allows attackers to inject HTML tags into the website.

The vulnerability of SimpleOne Platform’s software lies in the lack of measures taken to eliminate scipt-related HTML tags on web pages. Exploiting this vulnerability allows a remote attacker to inject an HTML tag that includes a link to an external resource...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper neutralization of HTML tags in users' first names. An attacker can create and send phishing emails from the affected instance's email address by injecting malicious HTML content. Details...