6238 matches found
Stored Cross-site Scripting (XSS)
moonshine/moonshine is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the Create Article function’s Link parameter, which allows an attacker to inject a crafted payload and execute arbitrary web scripts or HTML...
GHSA-66X6-8JGV-QPFH Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
A stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks...
CVE-2025-40725 Reflected Cross-Site Scripting (XSS) in Azon Dominator
Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data...
CVE-2025-40642
Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search...
PT-2025-37008
Name of the Vulnerable Software and Affected Versions: MyBrain Utilities plugin for WordPress versions up to and including 1.0.8 Description: The MyBrain Utilities plugin for WordPress is susceptible to Stored Cross-Site Scripting through the mbumap shortcode due to inadequate input sanitization...
Linux Distros Unpatched Vulnerability : CVE-2022-47372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability b...
CVE-2025-54252 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application...
Reflected Cross-Site Scripting (Reflected XSS)
com.liferay, com.liferay.expando.web are vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper input validation of the _com_liferay_expando_web_portlet_ExpandoPortlet_displayType parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a...
WordPress plugin Include Me Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
CVE-2025-58825
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Comment Form WP - Customize Default Comment Form comment-form-wp allows Stored XSS. This issue affects Comment Form WP - Customize Default Comment Form: from n/a through <= 2.0.1...
CVE-2025-6757 Recent Posts Widget Extended <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via rpwe Shortcode
The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9922
A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has bee...
CVE-2025-58791
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arjan Olsder SEO Auto Linker wpa-seo-auto-linker allows Stored XSS. This issue affects SEO Auto Linker: from n/a through <= 1.5.3...
CVE-2025-58828 WordPress 코드엠샵 소셜톡 plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemstory 코드엠샵 소셜톡 mshop-naver-talktalk allows Stored XSS. This issue affects 코드엠샵 소셜톡: from n/a through <= 1.2.2...
CVE-2025-58791 WordPress SEO Auto Linker Plugin <= 1.5.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arjan Olsder SEO Auto Linker wpa-seo-auto-linker allows Stored XSS. This issue affects SEO Auto Linker: from n/a through <= 1.5.3...
Reflected Cross-Site Scripting (Reflected XSS)
com.liferay, com.liferay.layout.taglib is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper sanitization of user input in the content page's name field, which allows an attacker to inject and execute malicious JavaScript code when a user views the "document Vi...
CVE-2025-41044 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataPagename' parameter in /apprain/page/manage-static-pages/create...
CVE-2025-9823
Summary of CVE-2025-9823 (Reflected XSS in lead:addLeadTags): The vulnerability affects Mautic (open source marketing automation) via the server-side input field “Tags” in the /s/ajax?action=lead:addLeadTags endpoint. The issue arises because user-supplied input is reflected back in the server r...
CVE-2025-3478
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited...
PT-2025-35194
Name of the Vulnerable Software and Affected Versions: Events Addon for Elementor plugin for WordPress versions prior to 2.2.9 Description: The Events Addon for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Typewriter and Countdown widgets. Insufficient...