6239 matches found
The Backup Plus extension for TYPO3 (ns_backup) allows XSS
The nsbackup extension through 13.0.0 for TYPO3 allows XSS...
CVE-2009-10003
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 ...
CVE-2025-22678
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mythemes my white allows Reflected XSS. This issue affects my white: from n/a through 2.0.8...
CVE-2025-23988
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS. This issue affects Ghostwriter: from n/a through 1.4...
CVE-2025-5011 moonlightL hexo-boot Dynamic List Page index.html cross site scripting
A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...
CVE-2025-48203
The csseo extension through 9.2.0 for TYPO3 allows XSS...
CVE-2025-4852
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2025-4951
CVE-2025-4951 affects Rapid7 AppSpider Pro prior to version 7.5.018. A stored cross-site scripting vulnerability exists in the ScanName field; the app prevents special characters but this can be bypassed by directly modifying the configuration file. Impact described: stored XSS risk in ScanName w...
CVE-2025-2929
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
TOTOLINK N150RT URL Filtering Page Component Cross-Site Scripting Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a cross-site scripting vulnerability that stems from the URL Filtering Page component's lack of effective filtering and escaping of user-supplied data, and no details of the...
CVE-2025-39409
CVE-2025-39409 describes a reflected Cross-Site Scripting (XSS) in the WordPress plugin “WordPress Video Robot – The Ultimate Video Importer” from version 1.20.0 and earlier. The CVE record notes improper input handling during web page generation, enabling injection of scripts. CVSS v3.1 vector i...
CVE-2025-39450 WordPress JetTabs plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through 2.2.7...
CVE-2025-43834 WordPress cookieBAR plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tox82 cookieBAR cookiebar allows Stored XSS. This issue affects cookieBAR: from n/a through <= 1.7.0...
CVE-2025-46262 WordPress Mad Mimi for WordPress plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz Mad Mimi for WordPress mad-mimi allows Stored XSS. This issue affects Mad Mimi for WordPress: from n/a through <= 1.5.1...
CVE-2025-23983
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tijaji Tijaji tijaji allows Reflected XSS. This issue affects Tijaji: from n/a through = 1.43...
CVE-2025-22792 WordPress Js O3 Lite theme <= 1.5.8.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jinwen Js O3 Lite allows Reflected XSS. This issue affects Js O3 Lite: from n/a through 1.5.8.2...
CVE-2024-51106
A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter...
CVE-2025-48240 WordPress Cost of Goods for WooCommerce <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Cost of Goods for WooCommerce allows Stored XSS. This issue affects Cost of Goods for WooCommerce: from n/a through 3.7.0...
WordPress Plugin Oficial – Getnet para WooCommerce plugin < 1.8.1 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions 1.8.1...
WordPress RegistrationMagic plugin < 6.0.2.1 - Stored XSS vulnerability
Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin RegistrationMagic versions 6.0.2.1...