UBUNTU-CVE-2025-46819

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

EUVD-2025-32260

The Epic Bootstrap Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icol’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

WordPress plugin Epic Bootstrap Buttons 跨站脚本漏洞

WordPress Epic Bootstrap Buttons plugin is a plugin for quickly adding Bootstrap style buttons to your WordPress website. WordPress Epic Bootstrap Buttons plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of icol parameters, whic...

WordPress plugin Easy Elementor Addons 跨站脚本漏洞

The WordPress Elementor Addons plugin is a plugin that extends the Elementor page builder functionality and enhances site design capabilities by providing additional widgets and styles. A cross-site scripting vulnerability exists in the WordPress Easy Elementor Addons plugin, which stems from the...

WordPress plugin Fintelligence Calculator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Fintelligence Calculator plugin, which stems from a lack of valid filtering and escaping of the...

CVE-2025-60452

MetInfo CMS v8.0 contains a stored XSS in the download management module (app\system\download\admin\download_admin.class.php) caused by accepting unvalidated SVG uploads (containing JavaScript) that execute when viewed. Red Hat and other sources corroborate the same description. Impact is a store...

CVE-2025-57393

A stored cross-site scripting XSS in Kissflow Work Platform Kissflow Application Versions 7337 Account v2.0 to v4.2vallows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-56379

A stored cross-site scripting XSS vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

Cross-site Scripting (XSS)

Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete HTML sanitization in the client-side PDF export pipeline. An attacker can exploit...

CVE-2025-57393

A stored cross-site scripting XSS in Kissflow Work Platform Kissflow Application Versions 7337 Account v2.0 to v4.2vallows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-10131

The All Social Share Options plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin BP Direct Menus 跨站脚本漏洞

WordPress BP Direct Menus plugin is a menu management plugin for WordPress, which is mainly used to realize the quick jump function of menu items. WordPress BP Direct Menus plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of the bpdmlogi...

CVE-2025-10490

The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.202 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

WordPress plugin WooCommerce Designer Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

Stored Cross-site Scripting (XSS)

formcms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of uploaded avatar files, which allows an attacker to upload malicious .html files containing JavaScript that execute in a privileged user’s browser when accessed via a public URL...

WordPress Plugin Advance Portfolio Grid Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Advance Portfolio Grid has a cross-site scripting vulnerability that stems fro...

Simple Food Ordering System order.php File Cross-Site Scripting Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter ID in the file /ordersimple/order.php, which can be...

WordPress Plugin Ads by WPQuads Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Ads by WPQuads has a cross-site scripting vulnerability that stems from the...

CVE-2025-59524 Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel

Horilla is a free and open source Human Resource Management System HRMS. Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation for example, with an intercepting proxy or by...