Lucene search

6236 matches found

Positive Technologies
added 2025/10/27 12:0 a.m., 3 views

PT-2025-44013

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02. Description: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is susceptible to stored cross-site scripting. An authenticated user can inje...

6.4 CVSS, 5.9 AI score, 0.0002 EPSS
Exploits 0, References 3

EUVD
added 2025/10/25 5:31 a.m., 2 views

EUVD-2025-35910

The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes...

6.4 CVSS, 4.6 AI score, 0.00032 EPSS
Exploits 0, References 4

OSV
added 2025/10/25 5:15 a.m., 1 views

CVE-2025-11823

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonexisttext' parameter in the 'wishsuitebutton' shortcode in all versions up to, and including, 3.2.4 due to insufficient...

5.4 CVSS, 5.9 AI score
Exploits 0, References 3

Positive Technologies
added 2025/10/25 12:0 a.m., 2 views

PT-2025-43715

Name of the Vulnerable Software and Affected Versions: Testimonial Carousel For Elementor plugin for WordPress versions prior to 11.6.3. Description: The Testimonial Carousel For Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and...

6.4 CVSS, 5.4 AI score, 0.0005 EPSS
Exploits 0, References 10

RedhatCVE
added 2025/10/23 3:14 p.m., 3 views

CVE-2025-52755

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Child Themes child-themes allows Reflected XSS. This issue affects Child Themes: from n/a through = 1.0.1...

7.1 CVSS, 6.4 AI score, 0.00075 EPSS
Exploits 0, References 1

NVD
added 2025/10/23 8:15 a.m., 3 views

CVE-2025-10727

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4...

5.4 CVSS, 0.00031 EPSS
Exploits 0, References 2

EUVD
added 2025/10/23 8:4 a.m., 4 views

EUVD-2025-35660

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4...

5.4 CVSS, 5.9 AI score, 0.00031 EPSS
Exploits 0, References 2

Snyk
added 2025/10/22 7:38 p.m., 3 views

Cross-site Scripting (XSS)

Overview: io.vertx:vertx-web is an HTTP web applications package for Vert.x. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the sendDirectoryListing in StaticHandlerImpl.java. An attacker can execute arbitrary JavaScript in the browser context of users viewing the director...

6.4 CVSS, 5.5 AI score, 0.00027 EPSS
Exploits 1, References 2

NVD
added 2025/10/22 9:15 a.m., 2 views

CVE-2025-10138

The This-or-That plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thisorthat' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS, 0.00032 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/10/22 8:27 a.m., 5 views

CVE-2025-11813 Responsive iframe GoogleMap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsivemap' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on the 'width' and 'height' attributes. This makes it...

6.4 CVSS, 4.7 AI score, 0.00032 EPSS
Exploits 0, References 3

EUVD
added 2025/10/22 8:27 a.m., 4 views

EUVD-2025-35327

The ST Categories Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's st-categories shortcode in versions less than, or equal to, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS, 4.8 AI score, 0.00032 EPSS
Exploits 0, References 3

CVE
added 2025/10/22 8:27 a.m., 15 views

CVE-2025-11834

CVE-2025-11834 (WP AD Gallery) affects the WordPress WP AD Gallery plugin, versions ≤ 1.3, with stored XSS via the startindex parameter in the ad-gallery shortcode. Root cause: insufficient input sanitization and output escaping; authenticated attackers with contributor-level access can inject...

6.4 CVSS, 4.8 AI score, 0.00032 EPSS
Exploits 0, References 2

CNNVD
added 2025/10/22 12:0 a.m., 2 views

MediaWiki - CookieConsent Extension security vulnerability

The MediaWiki CookieConsent Extension is an extension for the MediaWiki platform whose main function is to manage the site's cookie policy and user consent mechanisms. MediaWiki CookieConsent Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of...

2.1 CVSS, 6 AI score, 0.00056 EPSS
Exploits 0, References 2

NVD
added 2025/10/21 3:15 p.m., 1 views

CVE-2025-60932

Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

6.1 CVSS, 0.00025 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/10/18 4:29 a.m., 2 views

CVE-2025-62670 Stored XSS through a system message in FlexDiagrams

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - FlexDiagrams Extension allows Stored XSS. This issue affects Mediawiki - FlexDiagrams Extension: master...

6.9 CVSS, 5.7 AI score, 0.00056 EPSS
Exploits 0, References 2

Cvelist
added 2025/10/16 10:3 a.m., 7 views

CVE-2025-24833

Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allows execution of arbitrary JavaScript in a user’s web browser...

5.4 CVSS, 0.00042 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/10/16 8:33 a.m., 2 views

CVE-2025-10194

The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS, 5 AI score, 0.00032 EPSS
Exploits 0, References 1

EUVD
added 2025/10/15 6:43 a.m., 3 views

EUVD-2025-34532

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

6.4 CVSS, 4.7 AI score, 0.00024 EPSS
Exploits 0, References 3

CVE
added 2025/10/15 6:43 a.m., 12 views

CVE-2025-11161

CVE-2025-11161 affects the WPBakery Page Builder plugin for WordPress (versions up to 8.6.1). The vulnerability is a Stored Cross-Site Scripting (XSS) in the vc_custom_heading shortcode due to insufficient restriction of allowed HTML tags and improper sanitization of font_container attributes. Th...

6.4 CVSS, 4.6 AI score, 0.00024 EPSS
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2025/10/12 10:5 a.m., 5 views

CVE-2025-7652

The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS, 5 AI score, 0.00032 EPSS
Exploits 0, References 1