98 matches found
PT-2025-24166 · Unknown · Melipayamak
Name of the Vulnerable Software and Affected Versions: Melipayamak versions through 2.2.12 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions throug...
CVE-2024-38866
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection...
CVE-2025-22827
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in joomag WP Joomag wp-joomag allows DOM-Based XSS.This issue affects WP Joomag: from n/a through = 2.5.2...
CVE-2024-54348
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yaycommerce Brand brand allows Stored XSS.This issue affects Brand: from n/a through = 1.1.6...
CVE-2022-3540
An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses...
CVE-2021-24554
The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue...
CVE-2020-5792
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user...
CVE-2025-47677
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Stored XSS.This issue affects Photo Gallery: from n/a through = 2.7.7.25...
CVE-2025-47495
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blockspare Blockspare blockspare allows Stored XSS.This issue affects Blockspare: from n/a through = 3.2.9...
USN-7486-1: FastCGI vulnerability
It was discovered that FastCGI incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
CVE-2025-21572
OpenGrok 1.13.25 has a reflected Cross-Site Scripting XSS issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output...
CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...
CVE-2025-46338
Audiobookshelf (self-hosted audiobook/podcast server) has a known XSS vulnerability in /api/upload (via the libraryId field) in versions prior to 2.21.0. The issue stems from improper input handling; unsanitized input is reflected in the server error message, enabling arbitrary JavaScript executi...
CVE-2025-46238
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rbaer List Last Changes allows Stored XSS. This issue affects List Last Changes: from n/a through 1.2.1...
CVE-2024-13926 WP-Syntax <= 1.2 - Author+ Potential ReDoS
The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS...
CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...
CVE-2025-31738
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yazamodeveloper LeadQuizzes leadquizzes allows Stored XSS.This issue affects LeadQuizzes: from n/a through = 1.1.0...
CVE-2025-23542
CVE-2025-23542 is a reflected XSS in the WordPress plugin RDP Linkedin Login (vendor: WordPress plugin, affected: versions up to 1.7.0). The NVD/Red Hat and CVE enrichment confirm the flaw stems from improper input neutralization during web page generation, enabling reflected XSS. CVSSv3.1 base s...
CVE-2025-23647
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ariagle WP-Clap wp-clap allows Reflected XSS.This issue affects WP-Clap: from n/a through = 1.5...
CVE-2025-22205 Extension - admiror-design-studio.com - Path traversal in the Admiror Gallery 4.x component for Joomla
Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x...