6238 matches found
CVE-2025-57929
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kanweidoublethedonation Double the Donation double-the-donation allows Stored XSS. This issue affects Double the Donation: from n/a through <= 2.0.0...
CVE-2025-57935
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ricky Dawn Bot Block - Stop Spam Referrals in Google Analytics bot-block-stop-spam-google-analytics-referrals allows Stored XSS. This issue affects Bot Block - Stop Spam Referrals in Google Analytic...
CVE-2025-57959
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmatsuur Slightly troublesome permalink slightly-troublesome-permalink allows Stored XSS. This issue affects Slightly troublesome permalink: from n/a through <= 1.2.0...
CVE-2025-0209 Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow
A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...
CVE-2025-57900
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS. This issue affects GutenKit: from n/a through <= 2.4.2...
CVE-2025-58237 WordPress LC Wizard plugin <= 2.2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS. This issue affects LC Wizard: from n/a through <= 2.2.4...
CVE-2025-58265
CVE-2025-58265: Stored XSS in WordPress plugin “Events Manager – OpenStreetMaps” (Stonehenge Creations). Affected: Events Manager – OpenStreetMaps, version range up to 4.2.1. Root cause: improper input neutralization during web page generation, enabling authenticated users to inject scripts that...
CVE-2025-58658 WordPress Proof Factor – Social Proof Notifications Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proof Factor LLC Proof Factor – Social Proof Notifications proof-factor-social-proof-notifications allows Stored XSS. This issue affects Proof Factor – Social Proof Notifications: from n/a through <=...
CVE-2025-58682 WordPress Kama Click Counter plugin <= 4.0.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter kama-clic-counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through <= 4.0.4...
CVE-2025-36139
IBM Lakehouse watsonx.data 2.2 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-9969 Reflected XSS in Vizly Web Design's Real Estate Packages
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijacking, CAPEC - 591 - Reflected XSS. This issue affects Real Estate Packages: before 5.1...
CVE-2025-9851 Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8394 Productive Style <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_productive_breadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-6575
CVE-2025-6575 is a reflected XSS in Dolusoft Omaspot caused by improper input neutralization during web page generation. Affected versions are prior to 12.09.2025. Attack vector is network with user interaction required for exploitation; impact is partial confidentiality and integrity concerns as...
GHSA-MVH4-2CM2-6HPG Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
Impact: A stored Cross-Site Scripting (XSS) vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of...
CVE-2025-9826
Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users...
CVE-2025-40695
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, consisting of a stored authenticated XSS due to the lack of proper validation of user inputs in the 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs/admin/request-details.php'. This...
CVE-2025-9860
The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mixtape' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2025-8398
CVE-2025-8398 concerns the azurecurve BBCode WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s url shortcode in all versions up to and including 2.0.4. It affects authenticated users with contributor-level access and above, enabling injection of scripts t...
CVE-2025-8215 Responsive Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Responsive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...