643 matches found

Vulnrichment
added 2025/03/31 4:7 p.m. · 6 views

CVE-2025-30149 OpenEMR Reflected XSS in AJAX Script

OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layoutlistitemsajax.php via the target parameter. This vulnerability is fixed in 7.0.3...

CVSS 6.4 · AI score 5.9 · EPSS 0.0098
Exploits: 1 · References: 2

Patchstack
added 2025/02/21 12:0 a.m. · 1 views

WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WooCommerce HTML5 Video versions <= 1.7.10...

CVSS 7.1 · AI score 6.1 · EPSS 0.00669
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2025/02/15 12:0 a.m. · 2 views

PT-2025-6820 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.4.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Image Accordion widget due to insufficient input sanitization and output...

CVSS 6.4 · AI score 7.9 · EPSS 0.00188
Exploits: 0 · References: 12

RedhatCVE
added 2025/02/05 10:38 p.m. · 7 views

CVE-2022-36126

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...

CVSS 7.2 · AI score 7.9 · EPSS 0.03866
Exploits: 2 · References: 1

RedhatCVE
added 2025/02/05 6:18 a.m. · 2 views

CVE-2024-5519

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument useremail leads to SQL injection. The attack can be initiated remotely. The exploit has...

CVSS 9.8 · AI score 7.9 · EPSS 0.00136
Exploits: 1 · References: 1

NCSC
added 2025/01/31 12:25 p.m. · 1 views

Vulnerabilities fixed in VMware Aria Operations

VMware has fixed vulnerabilities in VMware Aria Operations. The vulnerabilities include an information leak that allows malicious users with View Only Admin privileges to potentially read the login credentials of integrated VMware products. In addition, there is a stored cross-site scripting...

CVSS 9 · AI score 6.2 · EPSS 0.00651
Exploits: 0 · References: 1

OSV
added 2025/01/27 3:15 p.m. · 1 views

CVE-2025-24680

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7...

CVSS 6.1 · AI score 7.3 · EPSS 0.00183
Exploits: 0 · References: 1

CNNVD
added 2025/01/25 12:0 a.m. · 1 views

WordPress plugin Ask Me Anything cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVSS 6.4 · AI score 7.8 · EPSS 0.00193
Exploits: 0 · References: 3

OSV
added 2025/01/17 2:39 p.m. · 10 views

SUSE-SU-2025:0162-1 Security update for redis

This update for redis fixes the following issues: - CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading to remote code execution. bsc1235387...

CVSS 9.8 · AI score 7.4 · EPSS 0.80733
Exploits: 2 · References: 3

CVE
added 2025/01/17 2:1 p.m. · 53 views

CVE-2024-13502

CVE-2024-13502 affects Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM. The issue is an OS command injection caused by improper neutralization: the commit_multicast web interface page passes untrusted input to an eval in a bash script, enabling arbitrary shell commands (Local Code...

CVSS 9.3 · AI score 7.2 · EPSS 0.00199
Exploits: 0 · References: 2

ATTACKERKB
added 2025/01/16 8:15 p.m. · 2 views

CVE-2025-23664

Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS. This issue affects Real Seguro Viagem: from n/a through = 2.0.5...

CVSS 7.1 · AI score 7.2 · EPSS 0.00104
Exploits: 0 · References: 3

Vulnrichment
added 2025/01/16 8:7 p.m. · 3 views

CVE-2025-23859 WordPress Daily Proverb plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jd7777 Daily Proverb daily-proverb allows Stored XSS. This issue affects Daily Proverb: from n/a through <= 2.0.3...

CVSS 6.5 · AI score 7.2 · EPSS 0.00335
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/16 12:0 a.m. · 3 views

PT-2025-3571 · Zenitel · Zenitel Alphaweb Xe

Name of the Vulnerable Software and Affected Versions: Zenitel AlphaWeb XE version 11.2.3.10 Description: An issue in the component /php/script uploads.php allows attackers to execute a directory traversal. Recommendations: For Zenitel AlphaWeb XE version 11.2.3.10, consider restricting access to...

CVSS 5.5 · AI score 6.9 · EPSS 0.14251
Exploits: 1 · References: 4

Positive Technologies
added 2025/01/16 12:0 a.m. · 5 views

PT-2025-5060 · Unknown · Martijn Scheybeler Social Analytics

Name of the Vulnerable Software and Affected Versions: Martijn Scheybeler Social Analytics versions n/a through 0.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVSS 7.1 · AI score 9.1 · EPSS 0.00151
Exploits: 0 · References: 4

Positive Technologies
added 2025/01/16 12:0 a.m. · 2 views

PT-2025-4872 · Go Social · Go Social

Name of the Vulnerable Software and Affected Versions: go Social versions n/a through 1.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application, potentiall...

CVSS 7.1 · AI score 9.3 · EPSS 0.00139
Exploits: 0 · References: 3

OSV
added 2025/01/14 6:15 a.m. · 0 views

CVE-2024-13323

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 7.4
Exploits: 0 · References: 3

CNNVD
added 2025/01/10 12:0 a.m. · 2 views

WordPress plugin Orbit Fox by ThemeIsle cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVSS 6.4 · AI score 7.1 · EPSS 0.00246
Exploits: 0 · References: 5

Patchstack
added 2025/01/06 12:56 p.m. · 2 views

WordPress Modins theme < 1.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Theme Modins - Insurance & Finance WordPress Theme versions < 1.1.9...

CVSS 7.1 · AI score 6.1 · EPSS 0.00408
Exploits: 0 · Affected Software: 1

Veracode
added 2024/12/23 9:32 a.m. · 13 views

Reflected Cross-Site Scripting (Reflected XSS)

Liferay Portal is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper handling of user input in the Dispatch name field, allowing remote attackers to execute arbitrary web script or HTML...

CVSS 6.1 · AI score 6.6 · EPSS 0.00175
Exploits: 0 · References: 3 · Affected Software: 2

OSV
added 2024/12/10 10:15 p.m. · 2 views

CVE-2024-52858

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4 · AI score 5.8 · EPSS 0.00442
Exploits: 0 · References: 1