179 matches found
WordPress plugin Tutor LMS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of the RabbitMQ messaging broker lies in the failure to remove script-related HTML tags from web pages, allowing attackers to compromise data integrity.
The vulnerability of the RabbitMQ messaging broker is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
CVE-2025-24892
OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a...
CVE-2025-24892
CVE-2025-24892 affects OpenProject prior to 15.2.1, where the Group Management UI fails to sanitize user input, allowing HTML/script content in groups to be rendered in a project (stored HTML injection). The issue is resolved in OpenProject 15.2.1. If upgrading isn’t possible, a patch is availabl...
CVE-2025-24892 OpenProject stored HTML injection vulnerability
OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a...
PT-2025-6068 · Unknown · Openproject
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 15.2.1 Description: The issue arises from the application's failure to properly sanitize user input before displaying it in the Group Management section. Specifically, groups created with HTML script tags are not...
The vulnerability of the IBM Control Center’s process monitoring and control system lies in its failure to remove script-related HTML tags from web pages. This allows attackers to execute arbitrary code or gain access to confidential information.
The vulnerability of the IBM Control Center’s process monitoring and control system lies in the lack of measures taken to eliminate script-related HTML tags on web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or gain access to confidential information...
CVE-2025-24680
CVE-2025-24680 affects WordPress WP Multistore Locator (plugin) up to version 2.4.7 and is a cross-site scripting (XSS) issue caused by improper neutralization of script-related HTML tags in reflected input. Public sources consistently state the vulnerability is XSS (Reflected) and indicate remed...
PT-2025-5493 · Unknown · Ketchup Shortcodes
Name of the Vulnerable Software and Affected Versions: Ketchup Shortcodes versions 0.1.2 and earlier Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Stored XSS attacks. This means an attacker can inject malicious scripts int...
jte's HTML templates containing Javascript template strings are subject to XSS
Summary Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. Details The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...
PT-2025-4773 · Jte · Jte
Name of the Vulnerable Software and Affected Versions: jte Java Template Engine versions 3.1.15 and earlier Description: The issue affects Jte HTML templates with script tags or script attributes that include a Javascript template string backticks, making them subject to XSS. The javaScriptBlock...
CVE-2023-47869
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in gVectors Team wpForo Forum allows Code Injection. This issue affects wpForo Forum: from n/a through 2.2.5...
Remote Code Execution (RCE)
Umbraco is vulnerable to remote code execution. The vulnerability is due to improper handling of SVG files, where script tags within these files are not properly validated or stripped, allowing potential code execution when previewed by Backoffice users in full-screen mode...
The vulnerability of VPN-client microprogramming software for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to execute cross-site scripting attacks.
The vulnerability of Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD microprogramming software clients relates to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...
The vulnerability of the wpDiscuz plugin of the WordPress content management system allows attackers to compromise data integrity.
The vulnerability of the wpDiscuz plugin in the WordPress content management system is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to compromise data integrity...
Inventory Management System cross-site scripting vulnerability
Inventory Management System is an inventory management system by the individual developers of stemword. A cross-site scripting vulnerability exists in Inventory Management System version 1.0, which stems from a cross-site scripting attack caused by incorrect manipulation of the input alert1...
Priority security vulnerability
Priority is an ERP solution from Priority Israel. Priority has a security vulnerability that originates from improper neutralization of script-related HTML tags in web pages...
CVE-2024-36395
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
Verint Workforce Optimization Cross-Site Scripting Vulnerability
Verint Systems Verint Workforce Optimization WFO is an employee performance management solution from Verint Systems, USA. The product supports workforce management, call recording, automated quality management, performance management, text and desktop analytics, and more. A cross-site scripting...
PT-2024-7359 · Cfx.Re · Cfx.Re Fxserver
Name of the Vulnerable Software and Affected Versions: Cfx.re FXServer versions v9601 and earlier wpDiscuz affected versions not specified Description: The issue is related to incorrect access control and the failure to neutralize script-related HTML tags on a web page. This can allow a remote...