
6483 matches found

Patchstack
added 2025/06/05 1:45 a.m. | 12 views

WordPress Interactive UK Regional Map plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery (CSRF) to Settings Change vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin Interactive UK Regional Map versions <= 2.0...

4.3 CVSS | 6.6 AI score | 0.00128 EPSS
Exploits 0 | Affected Software 1

OSV
added 2025/06/04 9:9 p.m. | 1 views

GHSA-4V9V-HFQ4-RM2V webpack-dev-server users' source code may be stolen when they access a malicious web site

Summary: Source code may be stolen when you access a malicious web site. Details: Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. Note that the attacker has to know the port and the output entrypoi...

5.3 CVSS | 7 AI score | 0.00427 EPSS
Exploits 1 | References 5

OSV
added 2025/06/03 2:15 p.m. | 7 views

CVE-2025-5502

A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched...

9.8 CVSS | 5.5 AI score | 0.07627 EPSS
Exploits 1 | References 5

RedhatCVE
added 2025/05/31 8:53 a.m. | 15 views

CVE-2025-5122

The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4 CVSS | 5.8 AI score | 0.0032 EPSS
Exploits 0 | References 1

CNNVD
added 2025/05/31 12:0 a.m. | 3 views

Astun Technology iShare Maps Code Injection Vulnerability

Astun Technology iShare Maps is a software for public map services from Astun Technology, UK. A code injection vulnerability exists in Astun Technology iShare Maps version 5.4.0, which originates from a cross-site scripting attack due to an incorrect manipulation of the parameter Zoom in the file...

5.3 CVSS | 4.8 AI score | 0.00306 EPSS
Exploits 0 | References 5

CVE
added 2025/05/29 8:22 a.m. | 52 views

CVE-2025-5122

CVE-2025-5122 maps to Map Block Leaflet for WordPress. Affected: versions up to 3.2.1 with stored cross-site scripting via the url parameter due to insufficient input sanitization and output escaping. Exploitation requires an authenticated user with Contributor-level access or higher; injected sc...

6.4 CVSS | 5.8 AI score | 0.0032 EPSS
Exploits 0 | References 4

Vulnrichment
added 2025/05/29 8:22 a.m. | 7 views

CVE-2025-5122 Map Block Leaflet <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4 CVSS | 5.9 AI score | 0.0032 EPSS
Exploits 0 | References 4

CNNVD
added 2025/05/29 12:0 a.m. | 2 views

WordPress plugin Map Block Leaflet Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.4 CVSS | 6 AI score | 0.0032 EPSS
Exploits 0 | References 4

Positive Technologies
added 2025/05/29 12:0 a.m. | 2 views

PT-2025-23144 · WordPress · Map Block Leaflet

Name of the Vulnerable Software and Affected Versions: The Map Block Leaflet plugin for WordPress versions up to, and including, 3.2.1. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping via the url parameter. This allows...

6.4 CVSS | 5.7 AI score | 0.0032 EPSS
Exploits 0 | References 7

RedhatCVE
added 2025/05/23 10:39 a.m. | 6 views

CVE-2024-23379

Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario...

6.7 CVSS | 7.2 AI score | 0.0011 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 10:38 a.m. | 15 views

CVE-2024-47528

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the "admin" role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload...

4.8 CVSS | 5.2 AI score | 0.00377 EPSS
Exploits 1

RedhatCVE
added 2025/05/23 10:3 a.m. | 7 views

CVE-2024-29909

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille Verrier Travelers' Map allows Stored XSS. This issue affects Travelers' Map: from n/a through 2.2.0...

6.5 CVSS | 8.6 AI score | 0.00331 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 9:25 a.m. | 3 views

CVE-2024-3147

A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtmlmap.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...

5 CVSS | 6.7 AI score | 0.00406 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 9:24 a.m. | 6 views

CVE-2024-35545

MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS) vulnerability...

6.1 CVSS | 5.8 AI score | 0.00352 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 9:20 a.m. | 4 views

CVE-2024-3603

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...

6.4 CVSS | 6.1 AI score | 0.00344 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 9:13 a.m. | 7 views

CVE-2024-30450

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder formerly Visual Composer allows Stored XSS. This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder...

6.5 CVSS | 8.6 AI score | 0.0036 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 8:47 a.m. | 7 views

CVE-2024-4968

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Marker Name of the component Add Marker. The manipulation leads to cross site scripting. The attack may be launched...

6.1 CVSS | 6.2 AI score | 0.00455 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 8:40 a.m. | 3 views

CVE-2024-23818

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8 CVSS | 5.6 AI score | 0.00426 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 8:24 a.m. | 2 views

CVE-2024-49667

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asaduzzaman Abir Local Business Addons For Elementor map-addons-for-elementor-waze-map allows Stored XSS. This issue affects Local Business Addons For Elementor: from n/a through = 1.1.5...

6.5 CVSS | 5.9 AI score | 0.00263 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 8:21 a.m. | 5 views

CVE-2024-1322

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

5.3 CVSS | 5.3 AI score | 0.00524 EPSS
Exploits 0 | References 1