130 matches found
CVE-2025-12163
The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
EUVD-2025-198606
FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
WordPress plugin Broken Link Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-12406 Project Honey Pot Spam Trap <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...
CVE-2025-61623 Apache OFBiz: Reflected Cross-site Scripting
Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue...
aEnrich a+HRD 跨站脚本漏洞
aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A cross-site scripting vulnerability exists in aEnrich a+HRD, which originates from stored cross-site scripting and could allow a remote attacker with administrator privileges to inject persistent...
PT-2025-46678
Name of the Vulnerable Software and Affected Versions CrushFTP version 11.3.6 48 Description A Cross Site Scripting XSS issue exists in CrushFTP. The web-based server’s file sharing feature reflects the filename to an email body field without proper sanitization, leading to potential HTML...
PT-2025-46262
Name of the Vulnerable Software and Affected Versions Simple Donate plugin for WordPress versions prior to 1.1 Description The Simple Donate plugin for WordPress is susceptible to Stored Cross-Site Scripting through the simpledonate shortcode. Insufficient input sanitization and output escaping o...
PT-2025-46320
Name of the Vulnerable Software and Affected Versions ManageEngine Exchange Reporter Plus versions 5723 and below Description ManageEngine Exchange Reporter Plus versions 5723 and below are susceptible to a Stored Cross-Site Scripting XSS issue within the Custom report functionality. This allows...
WordPress plugin YSlider 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
CVE-2025-62971
CVE-2025-62971 is a stored XSS vulnerability affecting CrestaProject Attesa Extra WordPress plugin (Attesa Extra) versions up to and including 1.4.5. Connected sources corroborate the flaw and specify stored XSS in input handling during web page generation, impacting Attesa Extra versions n/a thr...
Revive Adserver: Reflected XSS in account-preferences-plugin.php
A reflected cross-site scripting RXSS vulnerability was discovered in revive-adserver-6.0.1/www/admin/account-preferences-plugin.php via the group query parameter. Untrusted input was reflected without proper output encoding or context-aware escaping, allowing injection of JavaScript into the...
PT-2025-43266
Name of the Vulnerable Software and Affected Versions Chibueze Okechukwu SEO Pyramid seo-pyramid versions through 1.9.8 Description The software contains a flaw related to improper input handling during web page creation, specifically a Reflected Cross-Site Scripting XSS issue. This allows for th...
PT-2025-43159
Name of the Vulnerable Software and Affected Versions Shiva WSAnalytics versions through 1.1.2 Description A flaw exists in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards that allows for Reflected Cross-site Scripting XSS. This occurs due to improper neutralization of input during...
EUVD-2025-35183
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...
Desknets Neo 跨站脚本漏洞
Desknets Neo is a remote office support software from Desknets Japan. A cross-site scripting vulnerability exists in Desknets Neo V9.0R2.0 and earlier versions, which originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScript...
EUVD-2011-3565
Malware in sbrugna...
EUVD-2018-2989
Malware in sbrugna...
ALPINE-CVE-2025-46818
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...
PT-2025-40592
Name of the Vulnerable Software and Affected Versions Redis versions 8.2.1 and below Description Redis, an in-memory database, has an issue where an authenticated user can use a crafted Lua script to manipulate LUA objects and potentially execute code in another user's context. This affects all...