
5654 matches found

CVE
added 2025/12/24 12:31 p.m. | 11 views

CVE-2025-68497

The CVE-2025-68497 entry covers a Stored XSS vulnerability in Brainstorm Force Astra Widgets (astra-widgets) affecting versions up to 1.2.16. The root cause is improper neutralization/escaping of user-supplied input during web page generation, enabling arbitrary scripts to be injected into pages ...

CVSS 5.9 | AI score 5.6 | EPSS 0.00298
Exploits: 0 | References: 1

CNNVD
added 2025/12/24 12:0 a.m. | 3 views

WordPress plugin Basticom Framework security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Basticom Framework plugin has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

CVSS 5.9 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 1

CNNVD
added 2025/12/24 12:0 a.m. | 4 views

WordPress plugin Astra Widgets security vulnerability

WordPress Astra Widgets plugin is a widgets extension plugin developed by the Astra Themes team to enhance the functionality of Astra themes. WordPress Astra Widgets plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...

CVSS 5.9 | AI score 5.8 | EPSS 0.00298
Exploits: 0 | References: 1

CNNVD
added 2025/12/24 12:0 a.m. | 3 views

WordPress plugin ModelTheme Addons for WPBakery and Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 6.5 | AI score 5.9 | EPSS 0.00139
Exploits: 0 | References: 1

CNNVD
added 2025/12/24 12:0 a.m. | 4 views

WordPress plugin WPBakery Visual Composer WHMCS Elements security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.9 | AI score 6.1 | EPSS 0.00172
Exploits: 0 | References: 1

CNNVD
added 2025/12/24 12:0 a.m. | 2 views

WordPress plugin Post Grid and Gutenberg Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 6.5 | AI score 5.9 | EPSS 0.00133
Exploits: 0 | References: 1

CNNVD
added 2025/12/24 12:0 a.m. | 3 views

WordPress plugin Hostel cross-site scripting vulnerability

WordPress Hostel plugin refers to a plugin designed specifically for WordPress websites. WordPress Hostel plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacke...

CVSS 5.9 | AI score 7.9 | EPSS 0.00164
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/24 12:0 a.m. | 3 views

PT-2025-53077

Name of the Vulnerable Software and Affected Versions: Brainstorm Force Astra Widgets versions through 1.2.16. Description: A flaw exists in Brainstorm Force Astra Widgets that allows for Stored Cross-site Scripting (XSS). This issue arises from improper neutralization of input during web page...

CVSS 5.4 | AI score 5.9 | EPSS 0.00298
Exploits: 0 | References: 3

EUVD
added 2025/12/22 12:30 a.m. | 3 views

EUVD-2025-204675

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tormorten WP Microdata allows Stored XSS. This issue affects WP Microdata: from n/a through 1.0...

CVSS 6.5 | AI score 5.5 | EPSS 0.00133
Exploits: 0 | References: 2

CNNVD
added 2025/12/22 12:0 a.m. | 1 views

WordPress plugin Void Elementor WHMCS Elements For Elementor Page Builder cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...

CVSS 6.5 | AI score 5.7 | EPSS 0.00133
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/19 7:32 a.m. | 3 views

CVE-2025-64191

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows Reflected XSS. This issue affects XStore: from n/a through 9.6.1...

CVSS 7.1 | AI score 6.4 | EPSS 0.0018
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/19 6:29 a.m. | 2 views

CVE-2025-68385

A flaw was found in Kibana. An authenticated user can exploit an improper neutralization of input during web page generation to embed malicious scripts. This vulnerability, which bypasses a previous Cross-site Scripting XSS mitigation in Vega, allows the scripts to be served to web browsers. The...

CVSS 7.2 | AI score 5.3 | EPSS 0.00196
Exploits: 0 | References: 4

EUVD
added 2025/12/19 12:31 a.m. | 2 views

EUVD-2025-204410

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a method in Vega bypassing a previous Vega XSS mitigation...

CVSS 7.2 | AI score 4.9 | EPSS 0.00196
Exploits: 0 | References: 2

NVD
added 2025/12/18 11:15 p.m. | 10 views

CVE-2025-68387

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a vulnerability a function handler in the Vega AST...

CVSS 6.1 | EPSS 0.00172
Exploits: 0 | References: 1

ATTACKERKB
added 2025/12/18 11:15 p.m. | 6 views

CVE-2025-64675

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network...

CVSS 9.6 | AI score 5.5 | EPSS 0.00639
Exploits: 0 | References: 2

NVD
added 2025/12/18 10:16 p.m. | 5 views

CVE-2025-64677

Improper neutralization of input during web page generation 'cross-site scripting' in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network...

CVSS 8.2 | EPSS 0.00469
Exploits: 0 | References: 1

Cvelist
added 2025/12/18 10:11 p.m. | 26 views

CVE-2025-68387 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a vulnerability a function handler in the Vega AST...

CVSS 6.1 | EPSS 0.00172
Exploits: 0 | References: 1

CVE
added 2025/12/18 10:8 p.m. | 23 views

CVE-2025-68385

Kibana is the affected product (CVE-2025-68385). The vulnerability is Cross-site Scripting (XSS) due to improper neutralization of input during web page generation, which in Vega bypasses a prior mitigation, allowing an authenticated user to embed malicious scripts in content served to browsers. ...

CVSS 7.2 | AI score 5 | EPSS 0.00196
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/12/18 9:30 a.m. | 4 views

EUVD-2025-204090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS. This issue affects XStore Core: from n/a through 5.6...

CVSS 7.1 | AI score 5.9 | EPSS 0.0018
Exploits: 0 | References: 2

NVD
added 2025/12/18 8:16 a.m. | 5 views

CVE-2025-66118

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS. This issue affects Sprout Clients: from n/a through = 3.2.1...

CVSS 7.1 | EPSS 0.00149
Exploits: 0 | References: 1