CVE-2025-11818 WP Responsive Meet The Team <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Responsive Meet The Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wprmteam' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-60933

Multiple stored cross-site scripting XSS vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

WordPress plugin Calendar Plus 跨站脚本漏洞

WordPress Calendar Plus plugin is a calendar plugin for WordPress to create and manage event calendars. WordPress Calendar Plus plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

WordPress plugin Bg Book Publisher 跨站脚本漏洞

WordPress Bg Book Publisher plugin is a book publisher plugin for WordPress that is mainly used to help users manage book content and advertisements in their websites. WordPress Bg Book Publisher plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

WordPress Plugin CF7 Auto Responder Addon 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress CF7 Auto Responder Addon plugin, which stems from the application's lack of effective filtering and escaping of...

WordPress plugin Cinza Grid 跨站脚本漏洞

WordPress Cinza Grid plugin is a lightweight WordPress plugin based on Isotope Waterfall Layout for creating responsive grid layouts that support the presentation of posts, pages or custom content types. WordPress Cinza Grid plugin suffers from a cross-site scripting vulnerability that stems from...

WordPress Ova Advent plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Ova Advent plugin, which stems from insufficient input cleanup and output escaping, and can be exploited by an...

D-Link Nuclias Connect Cross-Site Scripting Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...

Opencast Cross-Site Scripting Vulnerability

Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. Opencast suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...

WordPress Digiseller plugin cross-site scripting vulnerability

WordPress Digiseller plugin is a plugin that is mainly used to help users integrate digital merchandising features in their websites. A cross-site scripting vulnerability exists in the WordPress Digiseller plugin, which stems from a lack of effective filtering and escaping of the ds shortcode, an...

HCL AION code execution vulnerability (CNVD-2026-16411)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a code execution vulnerability that is caused due to a flaw in the content security policy. An attacker can exploit the vulnerability to execute arbitrary scripts inline...

CVE-2025-61417

CVE-2025-61417 is a Cross-Site Scripting (XSS) vulnerability in TastyIgniter 3.7.7, affecting the /admin/media_manager component. An attacker can upload a malicious SVG containing JavaScript; when an administrator previews the file, the code runs in the admin’s browser context, potentially allowi...

CVE-2025-53858

ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...

Centreon cross-site scripting vulnerability (CNVD-2025-24648)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...

Adobe Connects Cross-Site Scripting Vulnerability (CNVD-2025-24428)

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in a victim's browser...

Centreon has an unspecified vulnerability (CNVD-2025-24172)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-24163)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVE-2025-62411 Stored XSS in Alert Transport name field in LibreNMS

LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS = 25.8.0 contains a Stored Cross-Site Scripting XSS vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored a...

CVE-2025-53858

ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...

CVE-2025-58115

ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...