EUVD-2026-22817

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

CVE-2025-14110

CVE-2025-14110 — WP Js List Pages Shortcodes (WordPress) A stored XSS vulnerability exists in the WP Js List Pages Shortcodes plugin via the class shortcode attribute. Affected versions are up to and including 1.21. Exploitation requires authenticated access at Contributor level or higher. Succes...

WordPress plugin WP Js List Pages Shortcodes 跨站脚本漏洞

...

WordPress WP Js List Pages Shortcodes plugin <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin WP Js List Pages Shortcodes versions = 1.21...

EUVD-2018-8208

Malware in sbrugna...

EUVD-2025-2797

Malicious code in bioql PyPI...

CVE-2025-22517

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ben Huson List Pages at Depth list-pages-at-depth allows Stored XSS.This issue affects List Pages at Depth: from n/a through = 1.5...

CVE-2025-22517

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ben Huson List Pages at Depth list-pages-at-depth allows Stored XSS.This issue affects List Pages at Depth: from n/a through = 1.5...

WordPress List Pages at Depth plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin List Pages at Depth versions = 1.5...

WordPress plugin List Pages at Depth 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

CVE-2022-4757

The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2022-4757 List Pages Shortcode < 1.7.6 - Contributor+ Stored XSS via Shortcode

The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2022-4757

CVE-2022-4757 affects the List Pages Shortcode WordPress plugin (versions before 1.7.6). The issue arises because the plugin does not validate and escape certain shortcode attributes before output, enabling Stored XSS from a contributor-level user to target higher-privilege admins. Multiple conne...

WordPress plugin List Pages Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

List Pages Shortcode < 1.7.6 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. list-pages...

WordPress List Pages Shortcode Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Software List Pages Shortcode Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 30aa61094340 Credits Lana Codes Required...

Cumulative Update 10 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.11.41204, Platform Build 14.0.41143)

Cumulative Update 10 for Microsoft Dynamics 365 Business Central April'19 on-premises Application Build 14.11.41204, Platform Build 14.0.41143 This article applies to Microsoft Dynamics 365 Business Central Spring 2019 Update on-premises deployments for all countries and all language locales.A...

CVE-2006-6234

Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via 1 the cid parameter in a listpagescategories action or 2 the pid parameter in a showpage action...