EUVD-2025-35798

Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

CVE-2025-61931

CVE-2025-61931 describes a stored cross-site scripting vulnerability in Pleasanter, affecting the Body, Description and Comments fields. The vulnerability allows an attacker to execute arbitrary JavaScript in a logged-in user’s browser. Multiple connected sources (including JVNDB and Red Hat/NVD ...

EUVD-2025-35799

Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

CVE-2025-58070

CVE-2025-58070 affects Pleasanter: stored XSS in Preview for Attachments. Root cause is insecure handling in the attachment preview feature, enabling arbitrary script execution in a logged‑in user’s browser. Impact is user‑level (confidentiality/integrity not clearly affected beyond script execut...

CVE-2025-58070

Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.form.field.type is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in "Rich Text" type fields within web content structures, document types, or custom assets using the Data Engine module,...

WordPress CF7 Auto Responder Addon plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress CF7 Auto Responder Addon plugin, which stems from the application's lack of effective filtering and escaping of...

WordPress Bg Book Publisher plugin cross-site scripting vulnerability

WordPress Bg Book Publisher plugin is a book publisher plugin for WordPress that is mainly used to help users manage book content and advertisements in their websites. WordPress Bg Book Publisher plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

Cross-site Scripting (XSS)

Overview Piranha.Manager is a manager panel for Piranha CMS for AspNetCore. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the /manager/pages component when user-supplied input is injected into Markdown blocks. An attacker can execute arbitrary web scripts or HTML...

CVE-2025-54806

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...

EUVD-2025-35654

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...

CVE-2025-54856

Movable Type is affected by a stored XSS in Edit ContentData (CVE-2025-54856). Exploitation requires input stored by a user with ContentType Management privileges, leading to script execution in the browser of users who access the Edit ContentData page. The issue is confirmed in multiple advisori...

CVE-2025-54856

Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page...

Mediawiki - ExternalGuidance Cross-Site Scripting Vulnerability

Mediawiki - ExternalGuidance is an extension for providing links or resources for external guidance. Mediawiki - ExternalGuidance suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

Six Apart Movable Type 跨站脚本漏洞

Six Apart Movable Type is an application from Six Apart USA. Six Apart Movable Type is an application from Six Apart, Inc. that provides features such as multiple users, comments, references TrackBack, topics, and more. A cross-site scripting vulnerability exists in Six Apart Movable Type, which...

Mediawiki - FlexDiagrams Extension Cross-Site Scripting Vulnerability

Mediawiki - FlexDiagrams Extension is an extension to MediaWiki for embedding and displaying diagrams or flowcharts in wiki pages. Mediawiki - FlexDiagrams Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

Weseek Growi 跨站脚本漏洞

Weseek Growi is an open source wiki system that can be written in Markdown by Weseek Japan. A cross-site scripting vulnerability exists in Weseek Growi v4.2.7 and earlier versions, which stems from a cross-site scripting vulnerability in the Page Alerts feature that could lead to the execution of...

CVE-2025-11818 WP Responsive Meet The Team <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Responsive Meet The Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wprmteam' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-60933

Multiple stored cross-site scripting XSS vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

WordPress plugin Bg Book Publisher 跨站脚本漏洞

WordPress Bg Book Publisher plugin is a book publisher plugin for WordPress that is mainly used to help users manage book content and advertisements in their websites. WordPress Bg Book Publisher plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...