
198 matches found

NVD
added 2025/08/14 11:15 a.m. · 12 views

CVE-2025-54698

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection. This issue affects Classified Listing: from n/a through = 5.0.0...

CVSS 5.4 · EPSS 0.0017
Exploits: 0 · References: 1
CNVD
added 2025/07/30 12:0 a.m. · 3 views

WordPress Taeggie Feed Cross-Site Scripting Vulnerability

WordPress Taeggie Feed is a plugin on WordPress that is mainly used to integrate social media content into a website, supporting dynamic syndication on platforms like Facebook, Instagram, Twitter and LinkedIn. WordPress Taeggie Feed suffers from a cross-site scripting vulnerability that originate...

CVSS 6.4 · AI score 6.5 · EPSS 0.00354
Exploits: 0 · References: 1
CNNVD
added 2025/07/24 12:0 a.m. · 2 views

WordPress plugin Taeggie Feed cross-site scripting vulnerability

WordPress Taeggie Feed is a plugin on WordPress that is mainly used to integrate social media content into a website, supporting dynamic syndication on platforms like Facebook, Instagram, Twitter and LinkedIn. WordPress Taeggie Feed suffers from a cross-site scripting vulnerability that originate...

CVSS 6.4 · AI score 6.4 · EPSS 0.00354
Exploits: 0 · References: 3
OSV
added 2025/06/04 9:9 p.m. · 1 views

GHSA-4V9V-HFQ4-RM2V webpack-dev-server users' source code may be stolen when they access a malicious web site

Summary Source code may be stolen when you access a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. Note that the attacker has to know the port and the output entrypoi...

CVSS 5.3 · AI score 7 · EPSS 0.00427
Exploits: 1 · References: 5
RedhatCVE
added 2025/05/23 2:41 a.m. · 4 views

CVE-2023-23735

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Brainstorm Force Spectra allows Code Injection. This issue affects Spectra: from n/a through 2.3.0...

CVSS 6.1 · AI score 6.5 · EPSS 0.00283
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 9:53 p.m. · 5 views

CVE-2022-38771

The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...

CVSS 9.8 · AI score 7.1 · EPSS 0.00989
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 8:36 p.m. · 2 views

CVE-2021-35959

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

CVSS 5.4 · AI score 6.1 · EPSS 0.00536
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/10 12:0 a.m. · 4 views

PT-2025-15953 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions n/d through 3.4.0 Description: The issue is related to an improper neutralization of script-related HTML tags in a web page, which can lead to a basic Cross-Site Scripting XSS attack. This allows an attacker to inject...

CVSS 4.3 · AI score 8.3 · EPSS 0.00213
Exploits: 0 · References: 5
CNNVD
added 2025/03/28 12:0 a.m. · 3 views

WordPress plugin Better Section Navigation Widget security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 6.5 · AI score 7.9 · EPSS 0.00169
Exploits: 0 · References: 2
Positive Technologies
added 2025/01/24 12:0 a.m. · 3 views

PT-2025-5498 · Unknown · Listamester

Name of the Vulnerable Software and Affected Versions: Listamester versions through 2.3.4 Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Stored XSS attacks. This means an attacker can inject malicious scripts into the web...

CVSS 6.5 · AI score 5.7 · EPSS 0.0032
Exploits: 0 · References: 3
CNNVD
added 2025/01/14 12:0 a.m. · 2 views

Fortinet FortiPortal security vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A cross-site scripting vulnerability exists in Fortinet FortiPortal that stems from an...

CVSS 4.8 · AI score 6.7 · EPSS 0.00346
Exploits: 0 · References: 1
OSV
added 2025/01/13 7:36 p.m. · 3 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

CVSS 6.1 · AI score 6.8 · EPSS 0.00285
Exploits: 0 · References: 5
CNNVD
added 2024/12/09 12:0 a.m. · 1 views

WordPress plugin wpForo Forum security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4 · AI score 8.6 · EPSS 0.0029
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/09 12:0 a.m. · 3 views

PT-2024-36101

Name of the Vulnerable Software and Affected Versions: ARForms Form Builder versions through 1.7.1 Description: The issue is related to improper neutralization of script-related HTML tags in a web page, allowing code injection. This is a Basic XSS vulnerability that affects ARForms Form Builder,...

CVSS 6.1 · AI score 7.4 · EPSS 0.00317
Exploits: 0 · References: 6
CNNVD
added 2024/11/20 12:0 a.m. · 2 views

Django Filer code issue vulnerability

Django Filer is an open source file management application for Django from the Django CMS Association. A code issue vulnerability exists in Django Filer version 3 up to and including version 3.3, which stems from allowing unlimited uploads of dangerous types of files, improper input validation, a...

CVSS 5.5 · AI score 6.7 · EPSS 0.0034
Exploits: 0 · References: 5
RedhatCVE
added 2024/11/08 2:30 p.m. · 27 views

CVE-2024-51757

A flaw was found in happy-dom. This vulnerability allows remote code execution via a script tag, potentially executing code in the user context of happy-dom...

CVSS 9.8 · AI score 7.5 · EPSS 0.00741
Exploits: 0 · References: 9
CNNVD
added 2024/11/06 12:0 a.m. · 3 views

happy-dom code injection vulnerability

happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom versions prior to 15.10.2, which originates from code execution on the host via script tags, leading to code...

CVSS 9.3 · AI score 9.4 · EPSS 0.00741
Exploits: 0 · References: 7
Positive Technologies
added 2024/11/06 12:0 a.m. · 2 views

PT-2024-34888 · Happy-Dom · Happy-Dom

Name of the Vulnerable Software and Affected Versions: happy-dom versions prior to 15.10.2 Description: happy-dom is a JavaScript implementation of a web browser without its graphical user interface. It may execute code on the host via a script tag, which would execute code in the user context of...

CVSS 9.3 · AI score 7.4 · EPSS 0.00741
Exploits: 0 · References: 15
OSV
added 2024/10/24 9:15 p.m. · 2 views

DEBIAN-CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

CVSS 6.1 · AI score 5.3 · EPSS 0.00441
Exploits: 1 · References: 1
OSV
added 2024/10/24 9:15 p.m. · 0 views

UBUNTU-CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

CVSS 8.1 · AI score 5.8 · EPSS 0.00441
Exploits: 1 · References: 4