935 matches found
JetBrains TeamCity < 2025.11.0 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.0. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - In JetBrains TeamCity before 2025.11.0 Stored XSS was possible via session attribute CVE-2025-67741 - In JetBrains TeamCity...
EUVD-2025-204077
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Reflected XSS. This issue affects Reservation Plugin: from n/a through = 1.6...
EUVD-2025-204090
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS. This issue affects XStore Core: from n/a through 5.6...
CVE-2025-64217
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS. This issue affects Photography: from n/a through = 7.7.2...
CVE-2025-64217
CVE-2025-64217 concerns the WordPress Photography theme (version range:
WordPress plugin XStore security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-67170
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
CVE-2023-53882
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...
CVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...
CVE-2025-13355
The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
xss-demo
This repo presents the various types of Cross Site Scripting XS...
CVE-2025-9116
The WPS Visitor Counter WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-9116
The CVE-2025-9116 entry concerns the WordPress plugin WPS Visitor Counter Plugin (versions up to 1.4.8). The connected sources confirm a Reflected Cross-Site Scripting flaw where the plugin does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it in an HTML attribute, enabling X...
EUVD-2025-203238
The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
vuln_XSS_web
Vulnerable Websites for XSS Testing. These are 4 sample websites, each...
CVE-2025-65120
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
CVE-2025-14137
The Simple AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14137
CVE-2025-14137 – WordPress plugin Simple AL Slider: Reflected Cross‑Site Scripting via the PHP_SELF variable, affected versions up to and including 1.2.10. The issue enables unauthenticated attackers to inject scripts on pages that execute user actions. Public details indicate CVSSv3.1 base score...
CVE-2025-34409
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...