CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS is affected by a persistent XSS due to improper input validation in Create Folder and Move/Edit, exploitable via POST requests by manipulating oldPath, newPath, and path parameters. The issue enables arbitrary JavaScript execution in the mobile web context...

CVE-2020-37086 Easy Transfer 1.7 for iOS - Directory Traversal

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

Improper Encoding or Escaping of Output

Overview HtmlSanitizer is a Cleans HTML from constructs that can be used for cross site scripting XSS. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the template tag handling. An attacker can inject and execute arbitrary scripts by crafting HTML...

CVE-2026-24426

The CVE-2026-24426 issue affects Shenzhen Tenda AC7 firmware prior to V03.03.03.01_cn, where an improper output encoding in the web management interface reflects user input in HTTP responses. This reflected XSS risk could allow injection of arbitrary HTML/JavaScript into a victim’s browser contex...

EUVD-2019-19382

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded b...

CVE-2025-61638

A flaw was found in MediaWiki. This vulnerability, identified as Cross-site Scripting XSS, allows a remote attacker to inject malicious scripts into web pages due to improper neutralization of input during web page generation. When a user views an affected page, the malicious code can execute in...

CVE-2025-61636

A flaw was found in MediaWiki. This vulnerability, known as Cross-site Scripting XSS, occurs due to improper handling of user-supplied input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages, potentially leading to information disclosur...

CVE-2025-67481

A flaw was found in MediaWiki. This vulnerability, known as Cross-site Scripting XSS, allows a remote attacker to inject malicious scripts into web pages. By failing to properly neutralize input during web page generation, MediaWiki can be exploited to execute arbitrary code in the context of a...

CVE-2025-67849

CVE-2025-67849 affects Moodle with an XSS flaw caused by improper sanitization of AI prompt responses. The vulnerability allows injecting malicious HTML/script into pages viewed by other users, potentially stealing sessions or manipulating the UI. Connected sources (Nessus/NASL, CVE records, OSV/...

EUVD-2025-206737

A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...

CVE-2026-1058

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...

CVE-2026-1058

The vulnerability CVE-2026-1058 affects the WordPress Form Maker plugin by 10Web. A stored XSS exists in all versions up to 1.15.35 due to insufficient escaping of hidden field values in the admin submissions list; html_entity_decode() is applied to user-supplied hidden field values without prope...

CVE-2025-61642

A flaw was found in MediaWiki. This improper neutralization of input during web page generation, also known as Cross-site Scripting XSS, allows a remote attacker to inject malicious scripts into web pages viewed by other users. This can lead to information disclosure or other client-side attacks...

CVE-2025-6594

A flaw was found in MediaWiki. This improper neutralization of input during web page generation, commonly known as Cross-site Scripting XSS, allows a remote attacker to inject malicious scripts into web pages. This can lead to information disclosure, session hijacking, or arbitrary code execution...

NVIDIA Megatron-LM 代码注入漏洞

NVIDIA Megatron-LM is a distributed training framework based on PyTorch developed by NVIDIA Corporation in the United States. It is specifically designed for training large-scale Transformer language models. NVIDIA Megatron-LM has a code injection vulnerability. This vulnerability stems from...

Rubikon Easy Transfer 路径遍历漏洞

Rubikon Easy Transfer is a file transfer application developed by Rubikon Corporation. Version 1.7 of Rubikon Easy Transfer contains a path traversal vulnerability. This vulnerability stems from directory traversal vulnerabilities, allowing attackers to access unauthorized file system paths by...

PT-2026-6235

Name of the Vulnerable Software and Affected Versions The Events Calendar Shortcode & Block versions through 3.1.1 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection ...

PT-2026-6045

Name of the Vulnerable Software and Affected Versions Mail Mint plugin for WordPress versions up to and including 1.19.2 Description The Mail Mint plugin for WordPress is susceptible to Cross-Site Request Forgery due to a lack of nonce validation in the create or update note function. This allows...

PT-2026-5959

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw exists in Moodle due to improper sanitization of AI prompt responses. This allows attackers to inject malicious HTML or script into web pages. Successful exploitation could lead to...

WordPress Login Logout Register Menu plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Login Logout Register Menu versions = 2.0...