CVE-2025-59057 React Router has XSS Vulnerability

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...

CVE-2023-43344

Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component...

CVE-2023-43874

Multiple Cross Site Scripting XSS vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...

CVE-2023-50011

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field...

CVE-2025-13897

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'afttestimonialmetaname' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied...

CVE-2025-13897 Client Testimonial Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'afttestimonialmetaname' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied...

CVE-2025-13897 Client Testimonial Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'afttestimonialmetaname' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied...

CVE-2022-0779

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its umshowuploadedfile AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads...

CVE-2022-0376

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfilteredhtml is...

CVE-2017-18504

The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF...

CVE-2025-23187

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

CVE-2024-34434

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVE-2025-15019

The BIALTY - Bulk Image Alt Text Alt tag, Alt Attribute with Yoast SEO + WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bialtycsalt' post meta in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes...

PT-2026-1723

Name of the Vulnerable Software and Affected Versions Client Testimonial Slider versions up to and including 2.0 Description The Client Testimonial Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through the aft testimonial meta name custom field within the Client...

WordPress plugin Client Testimonial Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary JavaScript code by injecting malicious input into the...

Cross-site Scripting (XSS)

Overview @remix-run/react is a React DOM bindings for Remix Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary JavaScript code by injecting malicious input into the...

GHSA-3CGP-3XVW-98X8 React Router has XSS Vulnerability

A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...

React Router has XSS Vulnerability

A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...