20042 matches found
CVE-2025-62238
Stored cross-site scripting XSS vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject...
CVE-2025-11197
CVE-2025-11197 concerns the Draft List plugin for WordPress, vulnerable to Stored Cross-Site Scripting via the drafts shortcode in all versions up to 2.6.1. The attacker must have contributor-level access or higher to inject scripts that execute when users load injected pages. Connected sources c...
CVE-2025-9560
CVE-2025-9560 relates to the WordPress plugin Colibri Page Builder (versions through 1.0.334). It describes a Stored XSS vulnerability in the colibri_newsletter shortcode due to insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or highe...
PT-2025-41631
Name of the Vulnerable Software and Affected Versions Colibri Page Builder plugin for WordPress versions through 1.0.334 Description The Colibri Page Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting through the colibri newsletter shortcode. This is due to inadequate inpu...
PT-2025-41646
Name of the Vulnerable Software and Affected Versions Enable Media Replace plugin for WordPress versions up to and including 4.1.6 Description The software is susceptible to Stored Cross-Site Scripting through the file modified shortcode. Insufficient input sanitization and output escaping on...
PT-2025-41643
Name of the Vulnerable Software and Affected Versions Draft List plugin for WordPress versions prior to 2.6.1 Description The software contains a flaw due to insufficient input sanitization and output escaping on user supplied attributes within the 'drafts' shortcode. This allows authenticated...
CVE-2025-60000
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-60001
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-60009
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlet page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59996
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target'...
CVE-2025-59998
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59995
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59981
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59992
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Secure Console page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59988
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59984
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in Global Search that, when visited by another user, enables the attacker to execute commands with the target's permissions,...
CVE-2025-59986
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the input fields in Model Devices that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59999
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target...
CVE-2025-59993
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target...
CVE-2025-59991
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the attacker to execute commands with the target's...