CVE-2025-23574 WordPress CubePM plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonathan Lau CubePM cubepm allows Reflected XSS.This issue affects CubePM: from n/a through = 1.0...

CVE-2025-23551 WordPress SexBundle plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in razvypp SexBundle sexbundle allows Reflected XSS.This issue affects SexBundle: from n/a through = 1.4...

CVE-2024-48893

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting XSS attack via the creation of malicious playbook...

CVE-2025-22293

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gutentor Gutentor gutentor allows DOM-Based XSS.This issue affects Gutentor: from n/a through = 3.4.3...

CVE-2025-22359

CVE-2025-22359 : Reflected XSS in SyncFields (WordPress plugin) — improper neutralization during web page generation leads to cross-site scripting. Affected: SyncFields versions up to 2.1 (from unknown earliest to 2.1). CVSSv3.1 score 7.1 (HIGH). Connected sources corroborate the Reflected XSS an...

CVE-2024-56038

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catalinsendsms SendSMS sendsms allows Reflected XSS.This issue affects SendSMS: from n/a through = 1.2.9...

PT-2025-3176 · Unknown · Lemonade Social Networks Autoposter Pinterest

Name of the Vulnerable Software and Affected Versions: Lemonade Social Networks Autoposter Pinterest versions n/a through 2.0 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This problem enables...

CVE-2024-47115

IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input...

CVE-2024-49664

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in allows Reflected XSS.This issue affects chatplusjp: from n/a through 1.02...

CVE-2024-39668

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS.This issue affects Extensions for Elementor: from n/a through 2.0.31...

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1...

PT-2024-24675 · Knight · Knight Lab Timeline

Name of the Vulnerable Software and Affected Versions: Knight Lab Timeline versions 3.9.3.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For...

CVE-2021-42535

VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage...

CVE-2021-29679

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include SSI directive. IBM X-Force ID: 199915...