158 matches found
CVE-2025-32564 WordPress Stop Registration Spam Plugin <= 1.24 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tomroyal Stop Registration Spam stop-registration-spam allows Reflected XSS.This issue affects Stop Registration Spam: from n/a through = 1.24...
PT-2025-17156 · Unknown · Gb Gallery Slideshow
Name of the Vulnerable Software and Affected Versions: GB Gallery Slideshow versions 1.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables potential attackers t...
CVE-2025-39582 WordPress WP Data Access plugin <= 5.5.36 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Passionate Programmer Peter WP Data Access wp-data-access allows DOM-Based XSS.This issue affects WP Data Access: from n/a through = 5.5.36...
WordPress plugin Mobile Smart 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
CVE-2025-32211
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: from n/a through = 1.52.1...
CVE-2025-31467
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in miro.mannino Flickr Photostream flickr-photostream allows Reflected XSS.This issue affects Flickr Photostream: from n/a through = 3.1.8...
CVE-2025-31418
CVE-2025-31418 corresponds to a reflected XSS in the Gravel WordPress theme. Public material confirms Gravel versions up to 1.6 are affected. The CVSSv3.1 score in the provided data is 7.1 (High) with Network attack, user interaction required, and changes in confidentiality/integrity/availability...
GHSA-HPHM-3X7F-G875 Drupal Obfuscate Vulnerable to Stored Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Obfuscate allows Stored XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.1...
PT-2025-14727 · Adobe · Advanced Typekit
Name of the Vulnerable Software and Affected Versions: Advanced Typekit versions 1.0.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...
CVE-2025-0154
IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers...
CVE-2025-31441
CVE-2025-31441 describes a Reflected XSS in the WordPress Galleria plugin (wp-galleria). Public description states affected product: WordPress Galleria (wp-galleria), with vulnerable versions listed as from n/a through
CVE-2025-30778 WordPress VForm plugin <= 3.1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through = 3.1.9...
CVE-2025-31806
CVE-2025-31806 affects Webling (WordPress plugin Webling). It is a Stored XSS due to improper neutralization of input during web page generation, impacting Webling versions up to 3.9.0. Exploitation requires authentication (Administrator). Wordfence notes the vulnerability and indicates a patch i...
GHSA-M4WJ-HHWJ-47QP Drupal Core Cross-Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS.This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5...
WordPress plugin Kento WordPress Stats 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-30873
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS.This issue affects Greenshift: from n/a through = 11.0.2...
CVE-2025-28924
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simbul ZenphotoPress zenphotopress allows Reflected XSS.This issue affects ZenphotoPress: from n/a through = 1.8...
CVE-2025-25132
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ravi Singh Visitor Details visitors-details allows Stored XSS.This issue affects Visitor Details: from n/a through = 1.0.1...
CVE-2025-23587 WordPress all-in-one-box-login plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashek Al Mahmud all-in-one-box-login all-in-one-login allows Reflected XSS.This issue affects all-in-one-box-login: from n/a through = 2.0.1...
CVE-2025-23518
CVE-2025-23518 is a reflected XSS in the WordPress GoogleMapper plugin (versions up to and including 2.0.3). The vulnerability arises from improper neutralization of input during web page generation, enabling script injection. Affected software is the GoogleMapper plugin for WordPress; no exploit...