CVE-2025-8874
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output...
CVE-2025-8690 Simple Responsive Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inje...
CVE-2025-8685
CVE-2025-8685 — The WordPress plugin Wp chart generator (versions up to 1.0.4) is vulnerable to Stored Cross-Site Scripting via the plugin’s wpchart shortcode due to insufficient input sanitization and output escaping on user attributes. Exploitation requires authentication at contributor level o...
CVE-2025-8462 RT Easy Builder <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-8661 Stored Cross-Site Scripting in Symantec PGP Encryption 11.0.1
A stored Cross-Site Scripting (XSS) vulnerability occurs when the server does not properly validate or encode the data entered by the user...
CVE-2024-52680
EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn...
CVE-2023-41519
Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php...
Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2025-33197
Summary IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details CVEID:CVE-2025-33197 DESCRIPTION: IBM Business Automation Workflow, CP4BA is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary...
CVE-2025-20331 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based managemen...
CVE-2025-51624
Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0...
CVE-2025-8544 Portabilis i-Educar edit cross site scripting
A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploi...
CVE-2025-8542 Portabilis i-Educar empresas_cad.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razaosocial leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2025-8541 Portabilis i-Educar public_uf_cad.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has bee...
CVE-2025-8538 Portabilis i-Educar novo cross site scripting
A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched...
CVE-2025-50592
CVE-2025-50592 is an XSS vulnerability affecting SeaCMS (“seacms”) prior to version 13.2, exploitable via the vid parameter in Upload/js/player/dmplayer/player. Root cause is cross-site scripting in that input path, with the CVSSv3.1 base score listed as 5.4 (Medium). Affected product: SeaCMS v13...
CLSA-2025-1754341122 java-1.8.0-openjdk: Fix of 4 CVEs
Update to shenandoah-jdk8u462-b08 GA - Security fixes from OpenJDK 8u462-b08: - CVE-2025-30749: fix 2D vulnerability allowing remote attackers to compromise JVM via network access - CVE-2025-30754: fix JSSE vulnerability allowing unauthorized data access via TLS connections - CVE-2025-30761: fix...
CVE-2025-36605
Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'. An unauthenticated attacker with remote access could...
CVE-2025-50869
A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code...
CVE-2025-45778
A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field...