WordPress plugin Wonka Slide 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2019-25301 thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting

Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...

CVE-2026-1654

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

EUVD-2026-5615

The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Exploit for CVE-2025-66478

Vulnerable Mall Next.js Red/Blue Team Training Target Vul...

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wizWISP24gmanual of the file wizWISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public...

WordPress plugin Employee Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

EUVD-2026-5549

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2026-1654

The Peter’s Date Countdown plugin for WordPress (versions ≤ 2.0.0) is affected by a Reflected Cross‑Site Scripting flaw exposed via the PHP_SELF server parameter. This allows unauthenticated attackers to inject scripts into pages that run when a user is tricked into performing an action (e.g., cl...

CVE-2026-1268 Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field

The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

PT-2026-6019

Name of the Vulnerable Software and Affected Versions Extended Random Number Generator versions prior to 1.2 Description The Extended Random Number Generator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin settings. Insufficient input sanitization and output...

CVE-2020-37086

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS is affected by a persistent XSS due to improper input validation in Create Folder and Move/Edit, exploitable via POST requests by manipulating oldPath, newPath, and path parameters. The issue enables arbitrary JavaScript execution in the mobile web context...

CVE-2020-37086 Easy Transfer 1.7 for iOS - Directory Traversal

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

Improper Encoding or Escaping of Output

Overview HtmlSanitizer is a Cleans HTML from constructs that can be used for cross site scripting XSS. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the template tag handling. An attacker can inject and execute arbitrary scripts by crafting HTML...

CVE-2026-24426

The CVE-2026-24426 issue affects Shenzhen Tenda AC7 firmware prior to V03.03.03.01_cn, where an improper output encoding in the web management interface reflects user input in HTTP responses. This reflected XSS risk could allow injection of arbitrary HTML/JavaScript into a victim’s browser contex...

EUVD-2019-19382

Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded b...

CVE-2025-61638

A flaw was found in MediaWiki. This vulnerability, identified as Cross-site Scripting XSS, allows a remote attacker to inject malicious scripts into web pages due to improper neutralization of input during web page generation. When a user views an affected page, the malicious code can execute in...