CVE-2025-44206

Hexagon HxGN OnCall Dispatch Advantage Web v10.2309.03.00264 and Hexagon HxGN OnCall Dispatch Advantage Mobile v10.2402 are vulnerable to Cross Site Scripting XSS which allows a remote authenticated attacker with access to the Broadcast Person functionality to execute arbitrary code...

CVE-2025-6430

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a embed or object tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12,...

CVE-2025-6551

The CVE-2025-6551 entry affects java-aodeng Hope-Boot 1.0.0, specifically the Login function in WebController.java. The vulnerability arises from improper handling of the errorMsg argument, enabling cross-site scripting (XSS). The issue is potentially exploitable remotely and, per sources, a publ...

WordPress Auto Attachments plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Auto Attachments plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVE-2025-52782

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS.This issue affects Scroll UP: from n/a through = 2.0...

CVE-2024-54183

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall...

CVE-2025-6353

CVE-2025-6353 affects code-projects Responsive Blog 1.0. Affected component: the /search.php function where manipulating the keyword/argument parameter leads to cross-site scripting. Exploitation is remote and has been publicly disclosed; multiple sources corroborate a code path enabling XSS. The...

CVE-2025-52782

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS.This issue affects Scroll UP: from n/a through = 2.0...

CVE-2025-50050

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Jobs for WordPress: from n/a through = 2.7.14...

CVE-2025-50043

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jordy Meow Code Engine code-engine allows Stored XSS.This issue affects Code Engine: from n/a through = 0.3.2...

CVE-2025-50030

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Spark Multipurpose spark-multipurpose allows DOM-Based XSS.This issue affects Spark Multipurpose: from n/a through = 1.0.7...

CVE-2025-50037

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows DOM-Based XSS.This issue affects Buying Buddy IDX CRM: from n/a through = 2.3.0...

CVE-2025-50021

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert Peake Better Random Redirect better-random-redirect allows Stored XSS.This issue affects Better Random Redirect: from n/a through = 1.3.20...

CVE-2025-50023

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embed Block codepen-embed-block allows Stored XSS.This issue affects CodePen Embed Block: from n/a through = 1.2.0...

CVE-2025-50015 WordPress Hand Talk plugin <= 6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rodrigo Bastos Hand Talk handtalk allows Stored XSS.This issue affects Hand Talk: from n/a through = 6.1...

CVE-2025-50043 WordPress Code Engine plugin <= 0.3.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jordy Meow Code Engine code-engine allows Stored XSS.This issue affects Code Engine: from n/a through = 0.3.2...

CVE-2025-50049 WordPress Modern Footnotes plugin <= 1.4.19 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prismtechstudios Modern Footnotes modern-footnotes allows Stored XSS.This issue affects Modern Footnotes: from n/a through = 1.4.19...

WordPress Inventory Presser plugin <= 15.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by greenhats in WordPress Plugin Inventory Presser versions = 15.2.6...

WordPress ANON::form embedded secure form plugin <= 1.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin ANON::form embedded secure form versions = 1.7...

CVE-2025-49863

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP CodeUs Advanced Sermons advanced-sermons allows Stored XSS.This issue affects Advanced Sermons: from n/a through = 3.6...