6239 matches found
CVE-2025-4943
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-48875
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when the data is deleted...
PT-2025-23304 · Unknown +1 · Collaborative Industry Innovator +1
Name of the Vulnerable Software and Affected Versions: Collaborative Industry Innovator versions R2022x through R2025x Description: A stored Cross-site Scripting XSS vulnerability in 3D Markup allows an attacker to execute arbitrary script code in a user's browser session. This issue affects the...
WordPress Tournamatch plugin <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Chuck in WordPress Plugin Tournamatch versions <= 4.6.1...
PT-2025-23120 · Vuetify · Vuetify
Name of the Vulnerable Software and Affected Versions: Vuetify versions 2.0.0 through 2.x Description: The issue arises from the improper neutralization of the eventMoreText property value in the VCalendar component, allowing unsanitized HTML to be inserted into the page. This can lead to a...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
PT-2025-23036 · Stackrox · Stackrox
Name of the Vulnerable Software and Affected Versions: Stackrox affected versions not specified Description: A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the...
CVE-2025-40663 Stored Cross-Site Scripting (XSS) in i2A-Cronos by i2A
Stored Cross-Site Scripting XSS vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...
VMware ESXi 7.0 / 8.0 Multiple Vulnerabilities (VMSA-2025-0010)
The version of VMware ESXi installed on the remote host is 7.0.x prior to 7.0 Update 3v or 8.0.x prior to 8.0 Update 3e. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2025-0010 advisory. - ESXi contains a denial-of-service vulnerability that occurs when performi...
ROS-20250526-06
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to the fact that the Shamir implementation uses pre-computed table lookups. Exploitation of the vulnerability could allow an attacker to gain access to potentially sensitive information...
CVE-2025-31636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SaurabhSharma WP Post Modules for Elementor wp-post-modules-el allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through <= 2.5.0...
CVE-2025-48241
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS. This issue affects Verge3D: from n/a through <= 4.9.3...
CVE-2025-5133 Tmall Demo Search Box cross site scripting
A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
CVE-2024-5962
A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...
CVE-2025-48369
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting XSS vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...
CVE-2025-46437
CVE-2025-46437 – Reflected Cross-Site Scripting in the WordPress Tayori Form plugin (versions
CVE-2025-46518 WordPress IGIT Related Posts With Thumb Image After Posts <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through 4.5.3...
CVE-2025-47673 WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through <= 2.1.16...