WordPress Bold Page Builder plugin <= 5.3.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Bold Page Builder versions = 5.3.0...

CVE-2025-0668

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BOINC Server allows Stored XSS.This issue affects BOINC Server: before 1.4.5...

CVE-2024-12120

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget displaymessagetext parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization and output escaping. This makes it possible for...

TOTOLINK N150RT LAN Settings Page Component Cross-Site Scripting Vulnerability

The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Hostname in the...

IBM Operational Decision Manager Cross-Site Scripting Vulnerability

IBM Operational Decision Manager is a decision management solution from International Business Machines IBM used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...

CVE-2025-23379

Dell Storage Center - Dell Storage Manager, versions 21.0.20, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script...

CVE-2025-46335

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

WordPress Crossword Compiler Puzzles plugin <= 14.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ch4r0n in WordPress Plugin Crossword Compiler Puzzles versions = 14.5...

CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

JetBrains TeamCity Cross-Site Scripting Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...

CVE-2025-40615

Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...

CVE-2025-46346

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting XSS vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...

CVE-2025-1551

IBM Operational Decision Manager (ODM) versions 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 are affected by a cross-site scripting vulnerability. An unauthenticated attacker can embed arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. IBM’s bulletin lists...

CVE-2025-1551 IBM Operational Decision Manager cross-site scripting

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

WordPress Syndicate Out <= 0.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Syndicate Out versions = 0.9...

CVE-2025-4000

A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\ssoproxy\jsp\ssoproxy.jsp. The manipulation of the argument Name leads to cross site...

CVE-2015-4582

CVE-2015-4582 affects TheCartPress boot-store theme (WordPress) version 1.6.4. The flaw is a cross-site scripting (XSS) vulnerability in header.php via the tcp_register_error function. Public sources in the connected docs identify the affected software and the XSS outcome, but do not provide a co...

CVE-2025-3965

A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The...

CVE-2025-46482

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MyThemeShop WP Quiz wp-quiz allows Stored XSS.This issue affects WP Quiz: from n/a through = 2.0.10...

CVE-2025-46227

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brecht Custom Related Posts custom-related-posts allows Stored XSS.This issue affects Custom Related Posts: from n/a through = 1.7.4...