CVE-2024-9017

The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-52842 Laundry 2.3.0 - Account Takeover via Reflected XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Laundry on Linux, MacOS allows Account Takeover. This issue affects Laundry: 2.3.0...

CVE-2024-12915

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02...

CVE-2025-52462

CVE-2025-52462 is a Cross-site scripting vulnerability affecting Active! mail versions 6.30.01004145 through 6.60.06008562. The issue can allow arbitrary script execution in the logged-in user’s browser when visiting a specially crafted URL. Affected product: Active! mail. Remediation per multipl...

Security Vulnerabilities fixed in Thunderbird 140 — Mozilla

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...

WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via button+modal Widget vulnerability discovered by Webbernaut in WordPress Plugin WidgetKit versions = 2.5.4...

CVE-2025-53282

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aviplugins.com Thumbnail Editor thumbnail-editor allows Stored XSS.This issue affects Thumbnail Editor: from n/a through = 2.3.3...

CVE-2025-53294

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Smart Agenda Smart Agenda smart-agenda-prise-de-rendez-vous-en-ligne allows Stored XSS.This issue affects Smart Agenda: from n/a through = 4.9...

CVE-2024-52900 IBM Cognos Analytics cross-site scripting

IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

CVE-2025-5015

A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one...

CVE-2025-53336

CVE-2025-53336 is a stored XSS vulnerability affecting the WordPress plugin My Resume Builder . The issue arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected software versions are from unspecified earliest onward to version 1.0.3...

WordPress FL3R Accessibility Suite plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode vulnerability discovered by Gilang in WordPress Plugin FL3R Accessibility Suite versions = 1.4...

WordPress plugin WP Edit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

WordPress plugin SpecFit-Virtual Try On Woocommerce 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

CVE-2025-6698 LabRedesCefetRJ WeGIA Adicionar tipo adicionar_tipoSaida.php cross site scripting

A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionartipoSaida.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site...

WordPress WP Wall plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Wall versions = 1.7.3...

CVE-2025-6290

The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress WP-PhotoNav plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photonav Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via photonav Shortcode vulnerability discovered by Gilang in WordPress Plugin WP-PhotoNav versions = 1.2.2...

WordPress plugin e.nigma buttons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2025-5015

A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one...