1276 matches found
CVE-2025-58786
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana – Ecommerce Product Addons ibtana-ecommerce-product-addons allows DOM-Based XSS. This issue affects Ibtana – Ecommerce Product Addons: from n/a through 0.4.7.6...
CVE-2025-58623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bohemia Plugins Event Feed for Eventbrite event-feed-for-eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite: from n/a through 1.3.2...
CVE-2025-58623 WordPress Event Feed for Eventbrite Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bohemia Plugins Event Feed for Eventbrite event-feed-for-eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite: from n/a through 1.3.2...
PT-2025-35756
Name of the Vulnerable Software and Affected Versions: Bohemia Plugins Event Feed for Eventbrite versions through 1.3.2. Description: The software contains a DOM-Based Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Update Bohemia...
CVE-2025-58212
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir epeken-all-kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1...
CVE-2025-58212
The CVE-2025-58212 entry concerns a DOM-Based XSS in the WordPress plugin Epeken All Kurir (WooCommerce), caused by improper input neutralization during web page generation. Affected versions are up to 2.0.1; a fix is available in later releases (update to a version later than 2.0.1). The CVSS 3....
CVE-2025-58212 WordPress Epeken All Kurir Plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir epeken-all-kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1...
CVE-2025-58205
CVE-2025-58205 refers to a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin ElementInvader Addons for Elementor (affected: versions up to 1.3.6). The issue arises from improper input neutralization during web page generation, enabling XSS. Publicly documented details in connec...
CVE-2025-7732
CVE-2025-7732: The WordPress plugin Lazy Load for Videos (
PT-2025-34524 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to 1.9.23. Description: A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component. The NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using...
CVE-2025-47054
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...
CVE-2025-46856
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...
CVE-2025-49422
Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation. This issue affects Support Ticket: from n/a through 1.9...
PT-2025-34284 · America Online · Phobos.Dll +3
Name of the Vulnerable Software and Affected Versions: AOL versions prior to 9.6. Description: AOL versions up to and including 9.5 include an ActiveX control (Phobos.dll) that exposes a method called Import via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overfl...
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Documen...
CVE-2025-46856
Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a DOM-based XSS vulnerability. The issue allows a low-privileged attacker to manipulate the DOM to execute malicious JavaScript in a victim’s browser, with exploitation requiring user interaction (victim visits a crafted p...
CVE-2011-10028 RealNetworks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution
The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...