6238 matches found
CVE-2025-30630 WordPress Global Translator plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pozzad Global Translator global-translator allows Stored XSS. This issue affects Global Translator: from n/a through <= 2.0.2...
CVE-2025-49310
CVE-2025-49310: Stored XSS in the Frontend Dashboard WordPress plugin (Frontend Dashboard) allowed authenticated users to inject scripts via improper input neutralization during web page generation; affects Frontend Dashboard v1.0 through 2.2.8 (auth+); patched in v2.2.8.
CVE-2025-49067
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NasaTheme Nasa Core nasa-core allows Stored XSS. This issue affects Nasa Core: from n/a through 6.4.1...
CVE-2025-5533 Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
SourceCodester Student Result Management System Code Injection Vulnerability
SourceCodester Student Result Management System is a SourceCodester open source student result management system. A code injection vulnerability exists in SourceCodester Student Result Management System version 1.0, which originates from a cross-site scripting error in the file...
CVE-2025-27754
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affecte...
WordPress Simple Google Static Map plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin Simple Google Static Map versions <= 1.0.1...
Grafana 11.1.x < 11.6.0+security-01 Cross-site Scripting
According to its self-reported version, the Grafana install hosted on the remote host is 11.1.x earlier than 11.2.8+security-01, or 11.1.x earlier than 11.3.5+security-01, or 11.1.x earlier than 11.4.3+security-01, or 11.1.x earlier than 11.5.3+security-01, or 11.1.x earlier than...
CVE-2025-5411
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tagresources of the file src/mist/api/tag/views.py. The manipulation of the argument tag leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2025-5516 TOTOLINK X2000R URL Filtering Page formFilter cross site scripting
A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to...
BIT-DRUPAL-2025-31675 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. It al...
CVE-2025-3584
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-48494 Gokapi vulnerable to stored XSS via uploading file with malicious file name
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens...
CVE-2025-4991
A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session...
CVE-2025-48489
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...
CVE-2025-5378 Astun Technology iShare Maps mycouncil2.aspx cross site scripting
A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-5377
CVE-2025-5377 affects Astun Technology iShare Maps 5.4.0. The issue is a cross-site scripting vulnerability in historic1.asp caused by improper handling of the Zoom parameter, which can be triggered remotely. Multiple connected sources confirm the vulnerability and public disclosure of the exploi...
CVE-2025-4992
A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session...
CVE-2025-4984
CVE-2025-4984 describes a stored XSS vulnerability in City Discover within City Referential Manager on Release 3DEXPERIENCE R2025x. The issue affects City Discover/City Referential Manager components and could allow an attacker to execute arbitrary script code in a user’s browser session. The lin...
CVE-2025-4943
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...