32 matches found

GitHub Security Blog
added 2026/05/08 7:38 p.m. · 5 views

Grav: Stored XSS via page title (data[header][title]) in admin panel

Summary: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the data[header][title] parameter. Details: Vulnerable Endpoint: GET /admin/pages/page; Parameter:...

CVSS: 6.2 · AI score: 5.7 · EPSS: 0.00057
Exploits: 0 · References: 4 · Affected Software: 1

EUVD
added 2026/04/04 12:31 p.m. · 2 views

EUVD-2026-18995

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS: 7.2 · AI score: 6.1 · EPSS: 0.00033
Exploits: 0 · References: 3

CVE
added 2026/04/04 11:16 a.m. · 18 views

CVE-2026-2936

The CVE concerns the WordPress plugin Visitor Traffic Real Time Statistics, affected up to version 8.4. It is vulnerable to Stored Cross-Site Scripting via the page_title parameter due to insufficient input sanitization and output escaping. The vulnerability allows unauthenticated attackers to in...

CVSS: 7.2 · AI score: 6.1 · EPSS: 0.00033
Exploits: 0 · References: 2

ATTACKERKB
added 2026/04/04 11:16 a.m. · 0 views

CVE-2026-2936

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS: 7.2 · AI score: 6.1 · EPSS: 0.00033
Exploits: 0 · References: 3

Vulnrichment
added 2026/04/04 11:16 a.m. · 3 views

CVE-2026-2936 Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS: 7.2 · AI score: 6.1 · EPSS: 0.00033
Exploits: 0 · References: 2

Positive Technologies
added 2026/04/04 12:0 a.m. · 0 views

PT-2026-30345

Name of the Vulnerable Software and Affected Versions: Visitor Traffic Real Time Statistics plugin for WordPress versions up to and including 8.4 Description: The Visitor Traffic Real Time Statistics plugin for WordPress is susceptible to Stored Cross-Site Scripting through the page title parameter...

CVSS: 7.2 · AI score: 6.1 · EPSS: 0.00033
Exploits: 0 · References: 6

NVD
added 2025/10/09 12:15 p.m. · 1 views

CVE-2025-9371

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagetitle’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...

CVSS: 6.4 · EPSS: 0.00032
Exploits: 0 · References: 2

CVE
added 2025/10/09 11:20 a.m. · 6 views

CVE-2025-9371

CVE-2025-9371 corresponds to Betheme (WordPress) with a Stored XSS via the page_title parameter. Affected versions are up to 28.1.6; PT-security notes 28.1.7+ as the fix, and Patchstack confirms Authenticated (Contributor+) Stored Cross-Site Scripting via page_title with Betheme

CVSS: 6.4 · AI score: 4.8 · EPSS: 0.00032
Exploits: 0 · References: 2

EUVD
added 2025/10/09 11:20 a.m. · 3 views

EUVD-2025-33331

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagetitle’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...

CVSS: 6.4 · AI score: 4.7 · EPSS: 0.00032
Exploits: 0 · References: 3

CNNVD
added 2025/10/09 12:0 a.m. · 1 views

WordPress plugin Betheme cross-site scripting vulnerability

WordPress Betheme plugin is a WordPress multipurpose theme that is mainly used to quickly build different types of websites such as corporate, blog, e-commerce and so on. WordPress Betheme plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and outp...

CVSS: 6.4 · AI score: 5.8 · EPSS: 0.00032
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-25697

Malicious code in bioql PyPI...

CVSS: 8.5 · AI score: 6.5 · EPSS: 0.00058
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-25695

Malicious code in bioql PyPI...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.00046
Exploits: 0 · References: 1

NVD
added 2025/08/25 3:15 p.m. · 3 views

CVE-2025-56215

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter...

CVSS: 6.5 · EPSS: 0.00046
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/25 12:0 a.m. · 2 views

PT-2025-34662 · Unknown · Phpgurukul Hospital Management System

Name of the Vulnerable Software and Affected Versions: phpgurukul Hospital Management System version 4.0 Description: The phpgurukul Hospital Management System is susceptible to SQL Injection in the about-us.php file through the pagetitle parameter. Recommendations: As a temporary workaround,...

CVSS: 8.5 · AI score: 7.5 · EPSS: 0.00058
Exploits: 0 · References: 4

CVE
added 2025/08/25 12:0 a.m. · 15 views

CVE-2025-56215

CVE-2025-56215 affects phpgurukul Hospital Management System 4.0, with a SQL Injection in contact.php through the pagetitle parameter. The vulnerability is described as an injection flaw in a PHP/MySQL-based system. According to the CVE details, the base impact is Low for confidentiality and inte...

CVSS: 6.5 · AI score: 8.3 · EPSS: 0.00046
Exploits: 0 · References: 2 · Affected Software: 1

RedhatCVE
added 2025/05/23 10:17 a.m. · 4 views

CVE-2024-32338

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.00197
Exploits: 1 · References: 1

NVD
added 2024/04/17 9:15 p.m. · 9 views

CVE-2024-32338

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...

CVSS: 5.4 · AI score: 5.6 · EPSS: 0.00197
Exploits: 1 · References: 1

OSV
added 2024/04/17 9:15 p.m. · 6 views

CVE-2024-32338

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...

CVSS: 5.4 · AI score: 5.7
Exploits: 0 · References: 1

Cvelist
added 2024/04/17 12:0 a.m. · 15 views

CVE-2024-32338

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...

AI score: 5.7 · EPSS: 0.00197
Exploits: 1 · References: 1

CNNVD
added 2024/04/17 12:0 a.m. · 2 views

WonderCMS security vulnerability

WonderCMS is an open source PHP-based content management system (CMS). A security vulnerability exists in WonderCMS version v3.4.3, which originates from a cross-site scripting (XSS) vulnerability in the Settings section. An attacker can exploit this vulnerability to execute arbitrary web script or...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.00197
Exploits: 1 · References: 2