260 matches found
CVE-2025-2194 MRCMS org.marker.mushroom.controller.FileController list.do list cross site scripting
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be...
CVE-2025-20211
CVE-2025-20211 describes a cross-site scripting vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform. The flaw arises from improper validation of user-supplied input, enabling an unauthenticated, remote attacker to persuade a user to click a crafte...
CVE-2025-0511
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-55488
A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed...
CVE-2024-10108
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
KLA79485 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information, cause denial of service, perform cross-site scripting attack. Below is a...
KLA79484 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code, obtain sensitive information, cause denial of service, perform cross-site scripting attack. Below is a...
CVE-2025-23057
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the...
CVE-2025-0559
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site...
CVE-2024-12162
The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
PT-2024-35822 · Unknown · Simple Travel Map
Name of the Vulnerable Software and Affected Versions: Simple Travel Map versions n/a through 0.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
About the security content of visionOS 2.1.1
About the security content of visionOS 2.1.1 This document describes the security content of visionOS 2.1.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
CVE-2024-47765 Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Minecraft MOTD Parser is a PHP library to parse Minecraft server MOTD. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of...
PT-2024-39581 · WordPress · The Product Delivery Date For Woocommerce – Lite
Name of the Vulnerable Software and Affected Versions: The Product Delivery Date for WooCommerce – Lite plugin for WordPress versions up to, and including, 2.7.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the...
WordPress plugin WordPress File Upload security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
About the security content of Safari 17.6
About the security content of Safari 17.6 This document describes the security content of Safari 17.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2024-2375 WPQA < 6.1.1 - Contributor+ Stored XSS
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
WordPress Fluid Notification Bar plugin <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Fluid Notification Bar versions <= 3.2.3...
CVE-2023-38551
A CRLF Injection vulnerability in Ivanti Connect Secure 9.x, 22.x allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack...