25 matches found
CVE-2025-11453 Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-1694
Name of the Vulnerable Software and Affected Versions Header and Footer Scripts plugin for WordPress versions up to and including 2.2.2 Description The Header and Footer Scripts plugin for WordPress is susceptible to Stored Cross-Site Scripting through the inpost head script parameter. Insufficie...
WordPress plugin Header and Footer Scripts 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2024-52109
Malicious code in bioql PyPI...
EUVD-2025-14789
Malicious code in bioql PyPI...
CVE-2025-31091
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Header and Footer cm-header-footer-script-loader allows Stored XSS.This issue affects CM Header and Footer: from n/a through = 1.2.4...
CVE-2025-31091
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Header and Footer cm-header-footer-script-loader allows Stored XSS.This issue affects CM Header and Footer: from n/a through = 1.2.4...
CVE-2025-31091 WordPress CM Header and Footer plugin <= 1.2.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Header and Footer cm-header-footer-script-loader allows Stored XSS.This issue affects CM Header and Footer: from n/a through = 1.2.4...
WordPress plugin CreativeMindsSolutions CM Header and Footer 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress CM Header & Footer Script Loader plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin CM Header and Footer versions = 1.2.2...
WordPress CM Header & Footer Script Loader plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin CM Header and Footer versions = 1.2.0...
CVE-2024-53777
Cross-Site Request Forgery CSRF vulnerability in Alberto Reineri Simple Header and Footer simple-header-and-footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through = 1.0.0...
CVE-2024-53777 WordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Alberto Reineri Simple Header and Footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through 1.0.0...
CVE-2024-53777 WordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Alberto Reineri Simple Header and Footer simple-header-and-footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through = 1.0.0...
CVE-2024-53777
CVE-2024-53777 describes a CSRF-to-Stored XSS vulnerability in the WordPress plugin Simple Header and Footer (versions n/a through 1.0.0). Affected component is the Simple Header and Footer plugin for WordPress; root cause is CSRF enabling stored script execution, potentially impacting users of t...
WordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Simple Header and Footer versions = 1.0.0...
WordPress CM Header & Footer Script Loader plugin <= 1.2.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin CM Header and Footer versions = 1.2.1...
Concrete CMS Cross-site Scripting vulnerability
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics...
CVE-2023-44760
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an...
Cross-Site Scripting (XSS)
moodle/moodle is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of sanitization in the Header and Footer parameter in settings.php which allows an attacker to inject and execute arbitrary JavaScript into the browser...