DRUPAL-CONTRIB-2026-035

The GTranslate module provides a language switcher widget for Drupal sites. The module’s widget JavaScript did not sufficiently validate that document.currentScript referred to the executing script element. A user who can add HTML to a page could cause the generated language-switcher links to poi...

PT-2026-40837

Name of the Vulnerable Software and Affected Versions Translate Drupal with GTranslate versions 0.0.0 through 3.0.4 Description A Modification of Assumed-Immutable Data MAID issue in the GTranslate module allows Resource Location Spoofing. The module's widget JavaScript fails to sufficiently...

EUVD-2018-4664

Malware in sbrugna...

EUVD-2014-9543

Malware in sbrugna...

EUVD-2012-4460

Malware in sbrugna...

EUVD-2022-5594

Malicious code in bioql PyPI...

EUVD-2024-52927

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-6932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in...

CVE-2012-2064

Cross-site scripting XSS vulnerability in theme/viewslangswitch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2012-4532

Cross-site scripting XSS vulnerability in modules/modlanguages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php. NOTE: some of these details are obtained from third party...

CVE-2025-3488

The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmllanguageswitcher shortcode in versions 3.6.0 - 4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

WordPress plugin WPML 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

CVE-2024-56029

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dreamwinner Easy Language Switcher easy-language-switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through = 1.0...

CVE-2024-32695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.This issue affects Language Switcher for Transposh: from n/a through 1.5.9...

CVE-2024-56029

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dreamwinner Easy Language Switcher easy-language-switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through = 1.0...

CVE-2024-56029

CVE-2024-56029 affects the WordPress plugin Easy Language Switcher. Described as an input handling vulnerability leading to Reflected XSS due to improper neutralization during web page generation. CVSS metrics indicate Network attack, Low confidentiality/integrity/availability impact (C:L, I:L, A...

CVE-2024-56029 WordPress Easy Language Switcher plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dreamwinner Easy Language Switcher easy-language-switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through = 1.0...

CVE-2024-56029 WordPress Easy Language Switcher plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dreamwinner Easy Language Switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through 1.0...

WordPress plugin Easy Language Switcher 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

WordPress Easy Language Switcher plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Easy Language Switcher versions = 1.0...