EUVD-2025-30515

Malicious code in bioql PyPI...

CVE-2025-58263

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This issue affects BuddyPress Notification Widget: from n/a through = 1.3.3...

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

CVE-2025-58263

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This issue affects BuddyPress Notification Widget: from n/a through = 1.3.3...

WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin BuddyPress Notification Widget versions = 1.3.3...

CVE-2025-58263 WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This issue affects BuddyPress Notification Widget: from n/a through = 1.3.3...

CVE-2025-58263

CVE-2025-58263 is a stored Cross-Site Scripting vulnerability in the WordPress plugin BuddyPress Notification Widget . Affected range is listed as “from n/a through 1.3.3.” The root cause is described as improper neutralization of input during web page generation. The vulnerability affects the wi...

CVE-2025-58263 WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This issue affects BuddyPress Notification Widget: from n/a through = 1.3.3...

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

WordPress plugin BuddyPress Notification Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site...

PT-2025-38926

Name of the Vulnerable Software and Affected Versions BuddyPress Notification Widget versions through 1.3.3 Description The BuddyPress Notification Widget contains a flaw related to improper input handling during web page generation, which can lead to Stored Cross-Site Scripting XSS. This allows ...

PT-2025-2032 · WordPress · Unlimited Elements For Elementor

Name of the Vulnerable Software and Affected Versions: Unlimited Elements For Elementor plugin for WordPress versions up to, and including, 1.5.135 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping on...