71 matches found
CVE-2025-12118
The Schema Scalpel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping when outputting user-supplied data into JSON-LD schema markup. This makes it possible for...
CVE-2025-12118 Schema Scalpel <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in JSON-LD Schema
The Schema Scalpel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping when outputting user-supplied data into JSON-LD schema markup. This makes it possible for...
CVE-2025-12118 Schema Scalpel <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in JSON-LD Schema
The Schema Scalpel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping when outputting user-supplied data into JSON-LD schema markup. This makes it possible for...
PT-2025-44706
Name of the Vulnerable Software and Affected Versions Schema Scalpel versions prior to 1.6.2 Description The Schema Scalpel plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping when handling user-supplied data in the...
EUVD-2022-29205
Malicious code in bioql PyPI...
EUVD-2022-51990
Malicious code in bioql PyPI...
EUVD-2023-53727
Malicious code in bioql PyPI...
EUVD-2024-22202
Malicious code in bioql PyPI...
EUVD-2024-0310
Malicious code in bioql PyPI...
EUVD-2023-53728
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
clickstorm/cs-seo is vulnerable to cross-site scripting XSS. The vulnerability is due to improper handling of data in the JSON-LD output, allows an attacker to execute arbitrary JavaScript code in the context of the affected TYPO3 backend session...
CVE-2024-24839
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gordon Böhme, Antonio Leutsch Structured Content JSON-LD wpsc allows Stored XSS.This issue affects Structured Content JSON-LD wpsc: from n/a through 1.6.1...
CVE-2022-24307
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. JSON-LD signing has been supported since version 1.6.0...
CVE-2025-0512
The Structured Content JSON-LD wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scfslocalbusiness shortcode in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-0512
The Structured Content JSON-LD wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scfslocalbusiness shortcode in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-21669
Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...
CVE-2024-43307 WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2...
BIT-MASTODON-2022-24307
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. JSON-LD signing has been supported since version 1.6.0...
CVE-2024-24839
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gordon Böhme, Antonio Leutsch Structured Content JSON-LD wpsc allows Stored XSS.This issue affects Structured Content JSON-LD wpsc: from n/a through 1.6.1...
CVE-2024-24839
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gordon Böhme, Antonio Leutsch Structured Content JSON-LD wpsc allows Stored XSS.This issue affects Structured Content JSON-LD wpsc: from n/a through 1.6.1...