6238 matches found
CVE-2026-39693
CVE-2026-39693 affects the WordPress plugin FSM Custom Featured Image Caption by fesomia, with a DOM-Based XSS due to improper neutralization of input during web page generation. Affected versions are up to and including 1.25.1. Red Hat/NVD/CVE records also confirm the issue and indicate the imp...
CVE-2026-35399
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...
EUVD-2026-19927
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39837
CVE-2026-39837 is a stored XSS vulnerability in the WikiWorks MediaWiki – Cargo Extension affecting versions before 3.8.7. The issue stems from the improper neutralization of Script-Related HTML tags in a web page, enabling stored cross-site scripting. The connected records do not provide explici...
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
WordPress Royal Elementor Addons plugin <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Royal Elementor Addons versions <= 1.7.1049...
CVE-2026-3879
Summary: CVE-2026-3879 affects Zohocorp ManageEngine Exchange Reporter Plus (pre-5802). The vulnerability is a Stored XSS in the Equipment Mailbox Details report. The NVD/NVD-derived entries confirm affected software and release version boundary (before 5802). The CVSSv3.1 vector is AV:N/AC:L/PR:...
CVE-2026-29598
Multiple stored cross-site scripting (XSS) vulnerabilities in the submitadduser.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters...
CVE-2026-34887
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS. This issue affects Kubio AI Page Builder: from n/a through 2.7.0...
WordPress plugin King Addons for Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-20915
Checkmk CVE-2026-20915 describes a stored XSS in the Pending Changes sidebar affecting Checkmk 2.5.0 (beta) before 2.5.0b2. An authenticated user with permission to create pending changes can inject JavaScript, which then executes in the browsers of other users viewing the sidebar. Impact per CVS...
CVE-2025-41357 Reflected Cross-Site Scripting on Anon Proxy Server
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
CVE-2026-4146
CVE-2026-4146 — The Loco Translate WordPress plugin is vulnerable to a Reflected Cross-Site Scripting via the update_href parameter in all versions up to 2.8.2 due to insufficient input sanitization and output escaping. Unauthenticated attackers could inject arbitrary web scripts in pages execute...
CVE-2026-30082
Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
EUVD-2026-17103
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewpayments.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...
CVE-2026-30557
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addcategory.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...
CVE-2026-30558
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addcustomer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...
CVE-2026-30567
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewproduct.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2021-27676
Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The depdescription (Dependency Description) and depname (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration Notifications Hosts page...
CVE-2026-3457 Stored XSS vulnerability in Sentinel ACC
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS. This issue affects Sentinel LDK Runtime: before 10.22...