EUVD-2026-3322

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...

Drupal Flag 安全漏洞

Drupal Flag is a markup creation module for the Drupal community. A security vulnerability exists in Drupal Flag versions 7.X-3.0 through 7.X-3.9, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...

Drupal Facebook Pixel 安全漏洞

Drupal Facebook Pixel is an ad placement module for the Drupal community. A security vulnerability exists in Drupal Facebook Pixel versions 7.X-1.0 through 7.X-1.1, which stems from improper input neutralization during page generation and could lead to a stored cross-site scripting attack...

TencentOS Server 3: tomcat (TSSA-2025:0984)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0984 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

EUVD-2026-1956

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier...

CVE-2025-67918

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through = 5.4.30...

CVE-2025-68867

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS.This issue affects Effect Maker: from n/a through = 1.2.1...

CVE-2025-68890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through = 1.0.4...

CVE-2023-50377

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AB-WP Simple Counter allows Stored XSS.This issue affects Simple Counter: from n/a through 1.0.2...

CVE-2023-49190

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6...

CVE-2023-45050

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1...

CVE-2021-22503

Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000...

CVE-2025-23579

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in digitalzoomstudio DZS Ajaxer Lite dzs-ajaxer-lite-dynamic-page-load allows Stored XSS.This issue affects DZS Ajaxer Lite: from n/a through = 1.04...

CVE-2025-23928

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aleksandar Arsovski Google Org Chart google-org-chart allows Stored XSS.This issue affects Google Org Chart: from n/a through = 1.0.1...

CVE-2025-23907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in closed SOCIAL.NINJA allows Stored XSS. This issue affects SOCIAL.NINJA: from n/a through 0.2...

CVE-2025-23947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in M.J WP-Player wp-player allows Stored XSS.This issue affects WP-Player: from n/a through = 2.6.1...

CVE-2025-23824

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS.This issue affects FontAwesome.io ShortCodes: from n/a through 1.0...

CVE-2025-23860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in crea8xion Charity-thermometer charitydonation-thermometer allows Stored XSS.This issue affects Charity-thermometer: from n/a through = 1.1.2...

CVE-2025-23859

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jd7777 Daily Proverb daily-proverb allows Stored XSS.This issue affects Daily Proverb: from n/a through = 2.0.3...

CVE-2025-40834

A vulnerability has been identified in Mendix RichText All versions = V4.0.0 V4.6.1. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...