6239 matches found
CVE-2025-31473
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in matthewprice1178 WP Database Optimizer wp-database-optimizer allows Stored XSS. This issue affects WP Database Optimizer: from n/a through <= 1.2.1.3...
Yonyou UFIDA ERP-NC /menu.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...
Yonyou UFIDA ERP-NC /help/top.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...
CVE-2025-28097
OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers (CVE-2025-28097). The CVSS v3.1 vector (AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L) yields a base score of 5.5 (Medium). Exploitation details, affected components, and exact root cause are not fully enumerated in the provided doc...
CVE-2025-28253
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2025-2878 Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database lea...
[SECURITY] [DLA 4094-1] mercurial security update
Debian LTS Advisory DLA-4094-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson March 27, 2025 https://wiki.debian.org/LTS Package : mercurial Version : 5.6.1-4+deb11u1 CVE ID : CVE-2025-2361 Debian Bug : 1100899 A cross-site scripting vulnerability was discover...
CVE-2025-30366
WeGIA is a web manager for charitable institutions. CVE-2025-30366 describes a stored XSS vulnerability in WeGIA versions prior to 3.2.8, affecting the file path or function related to personalizacao.php. The underlying issue is a stored script that is delivered to users’ browsers when pages ar...
hanflower.biz Cross Site Scripting vulnerability OBB-4040910
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-26736
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in victortihai MorningTime Lite morningtime-lite allows Stored XSS. This issue affects MorningTime Lite: from n/a through <= 1.3.2...
GHSA-RCW3-WMX7-CPHR Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter
Impact In vega 5.30.0 and lower, vega-functions 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that were not meant to be supported. Patches Patched in vega 5.31.0 / vega-functions 5.16.0 Workarounds Is there a way for users to fix or remediate th...
CVE-2025-26734
CVE-2025-26734 concerns the WordPress theme Hester (by Hester) with a Stored XSS vulnerability in Hester versions up to 1.1.10 due to improper input neutralization during web page generation. The issue is authenticated (Contributor+) and affects Hester up to 1.1.10; Wordfence lists patch status a...
CVE-2025-0811 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting...
elengornrealtors.com Cross Site Scripting vulnerability OBB-4040834
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-30918 WordPress Structured Content plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gordon Böhme Structured Content structured-content allows Stored XSS. This issue affects Structured Content: from n/a through <= 1.6.3...
CVE-2025-30873 WordPress Greenshift plugin <= 11.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Stored XSS. This issue affects Greenshift: from n/a through <= 11.0.2...
CVE-2025-30850 WordPress Dr. Flex plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sfaerber Dr. Flex dr-flex allows Stored XSS. This issue affects Dr. Flex: from n/a through <= 2.0.0...
efl.com.fj Cross Site Scripting vulnerability OBB-4040763
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
e-ceny.pl Cross Site Scripting vulnerability OBB-4040706
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress plugin ARPrice cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...