CVE-2026-9594

The WP Maps plugin for WordPress (affected versions up to 4.9.4) is vulnerable to a Stored Cross-Site Scripting (XSS) via the location_messages parameter due to insufficient input sanitization and output escaping. The vulnerability requires authenticated access at administrator level or higher, w...

EUVD-2026-34959

The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'locationmessages' parameter in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping...

EUVD-2025-32472

A vulnerability was identified in Vanderlande Baggage 360 7.0.0. This issue affects some unknown processing of the file /api-addons/v1/messages. Such manipulation of the argument Message leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and...

EUVD-2025-14769

Malicious code in bioql PyPI...

Vastgota-Data ProVide Elevation of Privilege Vulnerability

Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A security vulnerability exists in Vastgota-Data ProVide 13.1 and earlier versions. The vulnerability can be exploited by an attacker to elevate privileges with the help of the 'messages'...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2018-02621)

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in CMS Made Simple CMSMS 2.2.5. The vulnerability can be exploited to conduct cross-site scripting attacks via the m1messages...

CVE-2006-1958

Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via 1 the forumreferrer cookie to register.php and 2 the messages parameter in messagelist.php...