CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

isafari.nathab.com Cross Site Scripting vulnerability OBB-4047527

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

GHSA-WVCX-J62Q-45QW one-api Cross-site Scripting vulnerability

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack...

WordPress Element Pack Elementor Addons plugin <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions = 5.10.28...

IBM Security Verify Governance Cross-Site Scripting Vulnerability (CNVD-2025-09286)

IBM Security Verify Governance is an intelligent identity access platform from International Business Machines IBM, Inc. provides organizations with a platform to analyze, define and control user access and access risk. A cross-site scripting vulnerability exists in IBM Security Verify Governance...

CVE-2025-26906

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ren Ventura WP Delete User Accounts wp-delete-user-accounts allows DOM-Based XSS.This issue affects WP Delete User Accounts: from n/a through = 1.2.3...

CVE-2025-32653

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lee Blue Cart66 Cloud cart66-cloud allows Reflected XSS.This issue affects Cart66 Cloud: from n/a through = 2.3.7...

CVE-2025-32628

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Wham Crowdfunding for WooCommerce crowdfunding-for-woocommerce allows Reflected XSS.This issue affects Crowdfunding for WooCommerce: from n/a through = 3.1.12...

CVE-2025-24624

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevItems HT Event ht-event allows Reflected XSS.This issue affects HT Event: from n/a through = 1.4.6...

CVE-2025-24550 WordPress Job Manager plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JobScore Job Manager job-manager-by-jobscore allows Stored XSS.This issue affects Job Manager: from n/a through = 2.2...

CVE-2025-32490

CVE-2025-32490 is an Stored XSS vulnerability in the WordPress plugin wp secure (wp secure by sitesecuritymonitor.com), affecting versions up to 1.2. The issue arises from improper neutralization of input during web page generation. Impact is limited to confidentiality, integrity, and availabilit...

CVE-2025-32521

CVE-2025-32521 – Reflected XSS in Cool Flipbox – Shortcode & Gutenberg Block (Cool Flipbox) affects plugin versions

CVE-2025-32529 WordPress iONE360 configurator plugin <= 2.0.57 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iONE360 iONE360 configurator ione360-configurator allows Reflected XSS.This issue affects iONE360 configurator: from n/a through = 2.0.57...

CVE-2025-32531 WordPress Arconix FAQ plugin <= 1.9.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix FAQ allows Reflected XSS. This issue affects Arconix FAQ: from n/a through 1.9.5...

CVE-2025-32531 WordPress Arconix FAQ plugin <= 1.9.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Reflected XSS.This issue affects Arconix FAQ: from n/a through = 1.9.5...

CVE-2025-32560

CVE-2025-32560 concerns the WordPress WP-Hijri plugin. The connected Red Hat/Redundant sources and NVD entries specify an Improp er Neutralization of Input During Web Page Generation (Reflected XSS) vulnerability affecting the WP-Hijri plugin versions up to and including 1.5.3 . The description c...

CVE-2025-32582 WordPress WP AutoKeyword Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Stored XSS.This issue affects WP AutoKeyword: from n/a through = 1.0...

CVE-2025-32605 WordPress MemberPress Discord Addon Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon allows Reflected XSS. This issue affects MemberPress Discord Addon: from n/a through 1.1.1...

CVE-2025-32608

CVE-2025-32608 describes a reflected Cross-Site Scripting (XSS) in Movylo Marketing Automation up to version 2.0.7, caused by improper neutralization of input during web page generation. Public records (NVD, Red Hat, CVE List, PatchStack) confirm the affected product and version range, and that e...

CVE-2025-32674 WordPress Product Excel Import Export & Bulk Edit for WooCommerce plugin <= 4.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce webd-woocommerce-product-excel-importer-bulk-edit allows Reflected XSS.This issue affects Product Excel Import Export & Bulk Edit f...