CVE-2025-31604 WordPress Cal.com plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Cal.com Cal.com cal-com allows Stored XSS.This issue affects Cal.com: from n/a through = 1.0.0...

CVE-2025-31593 WordPress OpenMenu plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OpenMenu OpenMenu allows Stored XSS. This issue affects OpenMenu: from n/a through 3.5...

CVE-2025-31593 WordPress OpenMenu plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OpenMenu OpenMenu allows Stored XSS. This issue affects OpenMenu: from n/a through 3.5...

CVE-2025-31589

CVE-2025-31589 affects the Ethiopian Calendar WordPress plugin (versions up to 1.1.1). The issue is an authenticated (Contributor+) Stored Cross-Site Scripting caused by improper input neutralization during web page generation. The vulnerability is currently reported as Unpatched; monitor for ven...

CVE-2025-31543

CVE-2025-31543 is a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin Twice Commerce . The description specifies improper input neutralization during web page generation, enabling DOM-level XSS. Affected software is listed as “Twice Commerce: from n/a through 1.3.1,” indicating...

CVE-2025-30961 WordPress Trackserver plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tinuzz Trackserver trackserver allows DOM-Based XSS.This issue affects Trackserver: from n/a through = 5.1.0...

benotac.es Cross Site Scripting vulnerability OBB-4041464

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-2981

A vulnerability, which was classified as problematic, has been found in Legrand SMS PowerView 1.x. This issue affects some unknown processing. The manipulation of the argument redirect leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVE-2025-2976

CVE-2025-2976 affects GFI KerioConnect 10.0.6, with the vulnerability located in the File Upload component. The issue allows cross-site scripting via manipulation of uploaded content, and the attack can be launched remotely. Multiple connected sources describe an unknown file-upload function as t...

CVE-2025-2975 GFI KerioConnect Signature EditHtmlSource cross site scripting

A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. This issue affects some unknown processing of the file Settings/Email/Signature/EditHtmlSource of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated...

b.cms.ptwp.pl Cross Site Scripting vulnerability OBB-4041299

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-22767

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Reflected XSS.This issue affects GlobalPayments WooCommerce: from n/a through = 1.13.2...

tegelspreuken.nl Cross Site Scripting vulnerability OBB-4041253

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

aircrewacademy.com Cross Site Scripting vulnerability OBB-4041162

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-30363

WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting XSS vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious cod...

CVE-2025-26762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through = 9.7.0...

CVE-2025-30789

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in clearoutio Clearout Email Validator clearout-email-validator allows Stored XSS.This issue affects Clearout Email Validator: from n/a through = 3.2.0...

CVE-2025-28094

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places...

godela.com.br Cross Site Scripting vulnerability OBB-4041043

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

csrocketry.com Cross Site Scripting vulnerability OBB-4041025

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...