WordPress Display Pages Shortcode plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Display Pages Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

PT-2025-47987

Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product...

WordPress plugin YouTube Subscribe 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin YouTube Subscribe suffers from a cross-site scripting vulnerability that...

EUVD-2025-198889

A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

Cross-site Scripting (XSS)

joomla/filter is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling and validation of user-supplied input in the checkAttribute method, which allows an attacker to inject malicious scripts that can be executed in a victim’s browser...

CVE-2025-10554

A stored Cross-site Scripting XSS vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-10554 Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting XSS vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-10554 Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting XSS vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-41087 Cross-Site Scripting (XSS) stored in Taclia's web application

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

Dassault Systèmes ENOVIA Product Manager 安全漏洞

Dassault Systèmes ENOVIA Product Manager is a product lifecycle management software from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Product Manager Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x, which stems from a stored cross-site...

Dassault Systèmes DELMIA Service Process Engineer 安全漏洞

Dassault Systèmes DELMIA Service Process Engineer is a process planning software from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes DELMIA Service Process Engineer Release 3DEXPERIENCE R2025x, which stems from a stored cross-site scripting vulnerability that could...

Google Cloud Looker 安全漏洞

Google Cloud Looker is an online tool from Google USA for converting data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from a malicious URL construction issue that could lead to the execution of attacker-supplied scrip...

PT-2025-47930

A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

Google Chrome < 56.0.2924.76 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 56.0.2924.76. It is, therefore, affected by multiple vulnerabilities as referenced in the 201701stable-channel-update-for-desktop advisory. - A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and...

CVE-2025-13159

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

CVE-2025-61949

LogStare Collector is affected by CVE-2025-61949, a stored cross-site scripting vulnerability in the UserManagement component. The issue allows an arbitrary script to run in the browser of users who log in to the management page when crafted user information is stored. Documents confirm the affec...

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page...

WordPress plugin Bold Page Builder 安全漏洞

WordPress Bold Page Builder plugin is a WordPress page builder plugin that supports drag and drop editing and real-time front and back end previews for quickly creating responsive web page layouts. WordPress Bold Page Builder plugin suffers from a cross-site scripting vulnerability that stems fro...

WordPress plugin HT Mega 跨站脚本漏洞

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...