CVE-2025-39444 WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maxfoundry MaxButtons allows Stored XSS.This issue affects MaxButtons: from n/a through 9.8.3...

GHSA-W7GH-F2FM-9Q8R PEAR HTTP_Request2 vulnerable to Cross-site Scripting

In PEAR HTTPRequest2 before 2.7.0, multiple files in the tests directory, notably tests/network/getparameters.php and tests/network/postparameters.php, reflect any GET or POST parameters, leading to XSS...

CVE-2025-29015

Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting XSS via the name parameter in /admin/pagesaccount.php...

CVE-2025-43717

In PEAR HTTPRequest2 before 2.7.0, multiple files in the tests directory, notably tests/network/getparameters.php and tests/network/postparameters.php, reflect any GET or POST parameters, leading to XSS...

WordPress Rescue Shortcodes plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Rescue Shortcodes versions = 3.1...

CVE-2025-39585

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Stored XSS.This issue affects Travelfic Toolkit: from n/a through = 1.2.1...

CVE-2025-2314

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on...

WordPress plugin Checkout Files Upload for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2025-26951

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in covertnine C9 Blocks c9-blocks allows DOM-Based XSS.This issue affects C9 Blocks: from n/a through = 1.7.7...

CVE-2025-30970

CVE-2025-30970 is a reflected XSS in the WordPress plugin Easy Contact (NotFound Easy Contact) affecting version 0.1.2 and earlier. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L with a base score of 7.1 (HIGH). The exploitation described is Reflected XSS via improper input ...

CVE-2025-26870 WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through = 3.6.4.1...

CVE-2025-30727

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: iSurvey Module. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful...

CVE-2025-26743

CVE-2025-26743 : Reflected XSS in the WordPress plugin Advance WP Query Search Filter (affected from unspecified versions up to 1.0.10). Root cause: Improper Neutralization of Input During Web Page Generation. CVSSv3.1 base score 7.1 (HIGH) with network attack vector, no privileges, user interact...

CVE-2024-13610

CVE-2024-13610 affects the WordPress plugin Simple Social Media Share Buttons – Social Sharing for Everyone (

WordPress plugin Global Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress ZooEffect plugin <= 1.11 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin ZooEffect versions = 1.11...

Cross-Site Scripting (XSS)

drupal/core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of input during web page generation, allowing malicious scripts to be executed in the context of a user's browser...

CVE-2025-31021

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dolbyuk Mobile Smart mobile-smart allows Reflected XSS.This issue affects Mobile Smart: from n/a through = v1.3.16...

CVE-2025-3532 YouDianCMS index.html.Attackers cross site scripting

A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2025-3531

CVE-2025-3531 affects YouDianCMS version 9.5.21. The vulnerability resides in the file /App/Tpl/Admin/Default/Log/index.html where manipulation of the arguments UserName/LogType enables cross-site scripting. It is exploitable remotely and the exploit has been disclosed publicly; vendor response i...