IPFire Security Vulnerability
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...
GHSA-8MGF-RGG5-W38Q Liferay Portal Vulnerable to Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected int...
Cross-site Scripting
dotnetnuke.core is vulnerable to Cross-Site Scripting. The vulnerability is due to lack of input sanitization of module titles due to administrators and content editors being able to set raw HTML including JavaScript in titles, allowing attackers to inject scripts that execute in other user's...
CVE-2025-62896
Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS. This issue affects Multilang Contact Form: from n/a through <= 1.5...
CVE-2025-62956 WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS. This issue affects Reloadly: from n/a through <= 2.0.1...
CVE-2025-62945
CVE-2025-62945 affects WordPress plugin Did Prestashop Display (
CVE-2025-62934 WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS. This issue affects WP Business Hours: from n/a through <= 1.4...
PT-2025-43809
Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS. This issue affects Awesome Testimonials: from n/a through <= 2.2.1...
CVE-2025-11897
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘the7fancytitlecss’ parameter in all versions up to, and including, 12.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-8588
The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes...
CVE-2025-11992
The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'mioptions.php' page. This makes it possible for unauthenticated attackers to update settings an...
CVE-2025-8666
CVE-2025-8666 concerns the WordPress plugin Testimonial Carousel For Elementor (versions ≤ 11.6.2). The stored XSS vulnerability arises from insufficient input sanitization and output escaping across multiple parameters, enabling an attacker with Contributor-level access or higher to inject scrip...
CVE-2025-8413 Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode
The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-12017
CVE-2025-12017 concerns the VNPAY Payment gateway plugin for WordPress. Based on Wordfence and PatchStack sources in connected documents, the vulnerability is a reflected cross-site scripting (Reflected XSS) via the message parameter, affecting all versions up to and including 1.0.0. The root cau...
EUVD-2025-35814
The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-43598
Name of the Vulnerable Software and Affected Versions: qnotsquiz plugin for WordPress versions prior to 1.0.1. Description: The qnotsquiz plugin for WordPress is susceptible to Stored Cross-Site Scripting through the qnotsquiz custom start text parameter. Insufficient input sanitization and output...
PT-2025-43599
Name of the Vulnerable Software and Affected Versions: VNPAY Payment gateway plugin for WordPress versions up to and including 1.0.0. Description: The VNPAY Payment gateway plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping...
EUVD-2025-35729
Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page...
CVE-2025-1679
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...
CVE-2025-11813
The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsivemap' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on the 'width' and 'height' attributes. This makes it...