6238 matches found
CVE-2025-53579
CVE-2025-53579 affects the WordPress Captcha.eu plugin (versions prior to 1.0.61). It is a Reflected XSS vulnerability due to improper input neutralization during web page generation. Public references indicate a patch exists: upgrade to 1.0.61 (or later) to fix the issue. Exploitation status is ...
CVE-2025-53225 WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eboekhouden e-Boekhouden.nl allows Reflected XSS. This issue affects e-Boekhouden.nl: from n/a through 1.9.3...
PT-2025-35007
Name of the Vulnerable Software and Affected Versions: Mesa Mesa Reservation Widget versions through 1.0.0 Description: The Mesa Mesa Reservation Widget contains a Stored Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Update Mes...
Linux Distros Unpatched Vulnerability : CVE-2021-26947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in t...
PT-2025-34921 · Rtcamp · Rtcamp Transcoder
Name of the Vulnerable Software and Affected Versions: rtCamp Transcoder versions through 1.4.0 Description: rtCamp Transcoder is susceptible to a Stored Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. Recommendations: Update rtCamp Transcoder to...
Linux Distros Unpatched Vulnerability : CVE-2024-52762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or...
WordPress plugin Ogulo – 360° Tour Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2025-34524 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to 1.9.23 Description: A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component. The NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using...
CVE-2025-43753
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update ...
CVE-2025-55105
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potentially execute arbitrary JavaScript code in th...
CVE-2025-55104 BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability.
A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user, attacker-supplied JavaScript may execute ...
CVE-2025-43756
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 through 2025.Q2.2 and 2024.Q1.13 through 2024.Q1.19 allows a remote authenticated user to inject JavaScript code via snippet parameter...
CVE-2025-8064
The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selectorheight’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-51489
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...
PT-2025-34313 · Liferay · Liferay Portal +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.32 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.7 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.1 through...
CVE-2025-54172
CVE-2025-54172 affects QuickCMS. The vulnerability is a Stored XSS in the sTitle parameter of the page editor. An attacker with admin privileges can inject arbitrary HTML/JS that will be rendered when visiting the edited page; regular admin users cannot inject scripts. Only version 6.8 was teste...
CVE-2025-54055
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Druco druco allows Reflected XSS. This issue affects Druco: from n/a through = 1.5.2...
CVE-2025-48154
CVE-2025-48154 corresponds to a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder, affecting versions
WordPress plugin Markup Markdown Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
GHSA-22JP-W3CG-GVMM Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...