89 matches found
PT-2025-35189
Name of the Vulnerable Software and Affected Versions: OSM Map Widget for Elementor plugin for WordPress versions prior to 1.3.1
Description: The OSM Map Widget for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Map Block URL due to inadequate input...
WordPress WP Get The Table Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress WP Get The Table, which stems from insufficient input cleanup and output escaping, and can be exploited by an...
WordPress JetTricks Cross-Site Scripting Vulnerability
WordPress JetTricks is a plugin developed for WordPress to enhance the Elementor page builder. WordPress JetTricks suffers from a cross-site scripting vulnerability that stems from improper input neutralization, which can be exploited by an attacker to trigger the execution of malicious scripts b...
U.S. Dept Of Defense: Cross-Site Scripting via 'autoPlay' parameter
A Cross-Site Scripting (XSS) vulnerability was discovered on a website through the 'autoPlay' parameter in the GET method. Exploitation of this vulnerability allowed the injection of malicious scripts that could be executed. A proof-of-concept was provided demonstrating an alert pop-up...
CVE-2025-23377
Dell PowerProtect Data Manager Reporting, versions 19.17, 19.18 contains an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs...
CVE-2025-2299
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauthenticated attackers to inject arbitrary we...
WordPress plugin Webcamconsult Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
Code-Projects Hospital Management System Security Vulnerability
Hospital Management System is a hospital management system. Hospital Management System has a cross-site scripting vulnerability in the Doctor Name parameter of the /hospital/hms/admin/manage-doctors.php file. An attacker can exploit this...
CVE-2024-8681
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin tagDiv Composer Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-5252
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-3615
The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
DEBIAN-CVE-2024-3841
Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Chromium security severity: Medium...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a Data Validation Error vulnerability, which can be exploited by attackers to inject script or HTML into a privileged page via a malicious file...
PT-2024-24295 · Pdfcrowd · Save As Image Plugin
Name of the Vulnerable Software and Affected Versions: Save as Image plugin by Pdfcrowd versions 3.2.1 and earlier
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
WordPress plugin Page Builder: Live Composer Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-5291
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Vastgota-data ProVide Cross-Site Scripting Vulnerability
Vastgota-data ProVide is a file transfer server with a graphical user interface from the Swedish company Vastgota-data. A cross-site scripting vulnerability exists in Vastgota-data ProVide (now Farsight Tech Nordic AB ProVide) version 14.5, which can be exploited by an attacker to inject malicious...
StarTrinity Softswitch Cross-Site Scripting Vulnerability
StarTrinity Softswitch is a highly reliable softswitch from StarTrinity. A cross-site scripting vulnerability exists in StarTrinity Softswitch version 2023-02-16, which can be exploited by an attacker to inject malicious scripts into web sites...