6262 matches found
Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...
Dash Framework - Cross-site Scripting
Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting XSS via href attribute in anchor tags. This template tests for javascript:alert payload injection. id: CVE-2024-21485 info: name: Dash Framework - Cross-site Scripting author: Lee Changhyuneeche severity: medium...
CVE-2026-57396
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...
CVE-2026-57402
CVE-2026-57402 concerns the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions
Gitea 1.22.0 - Cross-Site Scripting
Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session. id: CVE-2024-6886 info: name: Gitea 1.22.0 - Cross-Site Scripting...
CVE-2026-13710
The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the Image Box widget’s sg_body_description parameter, affecting versions up to 3.2.6. The issue stems from insufficient input sanitization and...
CVE-2026-8315
The CVE-2026-8315 entry concerns a Stored XSS in Mediküm Web (Webbeyaz Web Design). Affected component: input handling during web page generation with improper neutralization of input as the root cause. Impact is Stored XSS (confidentiality/integrity impact low; availability none; user interactio...
CVE-2026-6742
The data shows CVE-2026-6742 affects the WordPress Advanced iFrame plugin: all versions up to 2026.1 are vulnerable to Stored Cross-Site Scripting via the Gutenberg Block 'additional' attribute due to insufficient input sanitization and output escaping. This allows authenticated users with contri...
CVE-2026-12948
The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...
WordPress tagDiv Composer plugin <= 5.4.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin tagDiv Composer versions = 5.4.5...
CVE-2026-4322
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...
PT-2026-55500
Name of the Vulnerable Software and Affected Versions JSON API User versions prior to 4.1.1 Description The JSON API User plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the post comment function fails to properly sanitize input, allowing the comment content...
CVE-2025-69155
CVE-2025-69155 affects the Fitness Zone WordPress Theme up to version 5.7. It is described as an unauthenticated Cross Site Scripting (XSS) vulnerability in the theme, with CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction...
CVE-2026-13704
Summary: CVE-2026-13704 affects the GiveWP – Donation Plugin and Fundraising Platform for WordPress. The vulnerability is a Stored Cross‑Site Scripting issue exploitable via the parameter sequoia[introduction][image] and exists in all versions up to and including 4.16.1 due to insufficient input ...
CVE-2026-58030 SyntaxHighlight stored XSS via unsanitized 'linelinks' attribute
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...
EUVD-2025-210382
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2026-13557
The CVE-2026-13557 affects itsourcecode Online Hotel Management System 1.0. An attacker can manipulate the Name argument in the POST handler at /admin/mod_room/controller.php?action=add, triggering cross-site scripting. The vulnerability is exploitable remotely, and public exploit code appears to...
CVE-2026-13245
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-11356
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-53051
Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...