EUVD-2026-19982

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Score Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Score Extension...

WordPress plugin Ibtana – WordPress Website Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-27853

Name of the Vulnerable Software and Affected Versions The Grid versions prior to 2.8.0 Description An issue exists in The Grid that allows for Stored Cross-Site Scripting XSS. This occurs due to improper neutralization of input during web page generation. The vulnerability allows an attacker to...

CVE-2025-15519

Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...

Cross-site Scripting (XSS)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the ecardmessage handling process. An attacker can inject arbitrary HTML and JavaScript into greeting car...

EUVD-2026-9765

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...

PT-2026-23323

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify Listify listify allows Reflected XSS.This issue affects Listify: from n/a through = 3.2.5...

CVE-2026-25343

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through = 7.1...

CVE-2026-25331

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through = 5.5.4...

CVE-2025-13002

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...

faraday 代码问题漏洞

Faraday is an open-source HTTP client library developed by Lostisland. Versions of Faraday prior to 2.14.1 contained code vulnerabilities. These vulnerabilities stemmed from the use of the Ruby URImerge method to handle user input, which could lead to server-side request forgeing attacks...

CVE-2025-69054

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through = 2.8...

CVE-2026-24389

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through = 1.3.2...

CVE-2025-68835 WordPress Ravpage plugin <= 2.33 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through = 2.33...

WordPress plugin MemberPress Discord Addon: Cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-4214

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through = 2.2.2...

CVE-2024-23511

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.3.3...

CVE-2025-69033 WordPress Blog Filter plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through = 1.7.3...

PT-2025-53245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basticom Basticom Framework basticom-framework allows Stored XSS.This issue affects Basticom Framework: from n/a through = 1.5.2...

CVE-2025-64207

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...