CVE-2025-9115

The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2022-30118

Title for CVE: XSS in /dashboard/system/express/entities/forms/savecontrol/GUID: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can...