CVE-2025-43740

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows...

CVE-2025-9138

Summary of CVE-2025-9138 (Scada-LTS 2.7.8.1) : A cross-site scripting vulnerability exists in the file path pointHierarchy/new/ where manipulation of the Title argument can trigger XSS. The issue appears to be exploitable remotely and the exploit has been made public. Public documents consistentl...

WordPress Terms of Service & Privacy Policy Generator plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Terms of Service & Privacy Policy Generator versions = 1.0...

PT-2025-33744 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.19 Liferay DXP versions 2024.Q2.1 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

PT-2025-33743 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A security issue exists in Scada-LTS 2.7.8.1 related to the processing of the view edit.shtm file within the SVG File Handler component. Manipulation of the backgroundImageMP argument can lead to...

Mermaid 跨站脚本漏洞

Mermaid is a mermaid-js open source application. Create charts and visualizations using text and code. A cross-site scripting vulnerability exists in Mermaid versions 10.9.0-rc.1 through 11.9.0, which stems from user-entered sequence diagram tags passed to innerHTML, potentially leading to...

PT-2025-33664 · Unknown · Namelessmc

Name of the Vulnerable Software and Affected Versions: NamelessMC versions prior to 2.2.3 Description: NamelessMC is a website software for Minecraft servers. A cross-site scripting XSS issue exists in the dashboard text editor component, potentially allowing remote authenticated attackers to...

CVE-2025-8604

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVE-2025-36000

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

CVE-2025-55672

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

CVE-2025-49038

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Soflyy WP Dynamic Links wp-dynamic-links allows Reflected XSS.This issue affects WP Dynamic Links: from n/a through = 1.0.1...

CVE-2025-49037 WordPress Authentication and xmlrpc log writer plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Federico Rota Authentication and xmlrpc log writer authentication-and-xmlrpc-log-writer allows Reflected XSS.This issue affects Authentication and xmlrpc log writer: from n/a through = 1.2.2...

CVE-2025-50040 WordPress CF7 Spreadsheets Plugin <= 2.3.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Stored XSS.This issue affects CF7 Spreadsheets: from n/a through = 2.3.2...

CVE-2025-8688

The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2025-33393 · Unknown · Cartpauj Shortcode Redirect

Name of the Vulnerable Software and Affected Versions: cartpauj Shortcode Redirect versions n/a through 1.0.02 Description: Improper neutralization of input during web page generation allows for Stored Cross-site Scripting XSS. This issue impacts the Shortcode Redirect component. Recommendations:...

PT-2025-33397 · WordPress · Visual Composer Website Builder

Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder affected versions not specified Description: Improper neutralization of input during web page generation allows for Stored Cross-site Scripting XSS. Recommendations: At the moment, there is no information about...

GHSA-8MQ8-C243-2335 Magento Cross-site Scripting vulnerability

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be...

CVE-2025-49557

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...

GHSA-222W-XMC5-JHP3 Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...

openjdk: Improve scripting supports (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...