6239 matches found
CVE-2022-41612
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin = 3.1.6 versions...
CVE-2022-45358
Auth. subscriber+ Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme = 1.4.4 versions...
CVE-2022-44742
Auth. admin+ Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin = 1.4.8 versions...
CVE-2022-22734
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...
CVE-2022-4595
A vulnerability classified as problematic has been found in django-openipam. This affects an unknown part of the file openipam/report/templates/report/exposedhosts.html. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2022-48007
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent...
CVE-2022-4791
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-46968
A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages...
CVE-2025-48203
The csseo extension through 9.2.0 for TYPO3 allows XSS...
CVE-2022-45722
ezEIP v5.3.00649 was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2022-45758
SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister...
CVE-2022-45280
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2022-45020
Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in the component /rukovoditel/index.php?module=users/login. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request...
CVE-2022-25489
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php...
CVE-2022-4362
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-24811
Combodo iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds...
PT-2025-57: Stored XSS leads to CSRF in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store an XSS payload that later triggers forged requests on behalf of the victim (CSRF), broadening the impact of the attack. Vulnerability status: Confirmed by vendor...
CVE-2022-42116
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace...
CVE-2022-41442
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php...
CVE-2022-4000
The WooCommerce Shipping WordPress plugin through 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...