CVE-2025-2573 Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Amazing service box Addons For WPBakery Page Builder formerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible f...
WordPress plugin Zalo Live Chat cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Stylish Price List plugin < 7.1.12 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Stylish Price List versions 7.1.12...
CVE-2025-1798
CVE-2025-1798 is an unauthenticated stored XSS in Design Comuni Italia WordPress Theme prior to 1.1.2, caused by unescaped/unsanitised parameters in output, enabling stored XSS. Affected: Design Comuni Italia Theme (
CVE-2025-30595
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS. This issue affects include-file: from n/a through = 1...
CVE-2025-30600 WordPress WP Hotjar plugin <= 0.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thiagogsrwp WP Hotjar wp-hotjar allows Stored XSS. This issue affects WP Hotjar: from n/a through = 0.0.3...
CVE-2025-30595
CVE-2025-30595 describes a stored XSS in the WordPress project/component named "include-file" due to improper input neutralization during web page generation. Affected: include-file (WordPress plugin/component named include-file). Exploitation details are not provided beyond the stored XSS classi...
CVE-2025-30545 WordPress issuuPress plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixeline issuuPress issuupress allows Stored XSS. This issue affects issuuPress: from n/a through = 1.3.2...
[SECURITY] [DSA 5883-1] mercurial security update
Debian Security Advisory DSA-5883-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 22, 2025 https://www.debian.org/security/faq -...
CVE-2025-2479 Easy Custom Admin Bar <= 1.0 - Reflected Cross-Site Scripting via msg Parameter
The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress Easy Custom Admin Bar plugin <= 1.0 - Reflected Cross-Site Scripting via msg Parameter vulnerability
Reflected Cross-Site Scripting via msg Parameter vulnerability discovered by johska in WordPress Plugin Easy Custom Admin Bar versions = 1.0...
acc-uk.org Cross Site Scripting vulnerability OBB-4038754
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mrl.co.jp Cross Site Scripting vulnerability OBB-4038737
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
abseits.biz Cross Site Scripting vulnerability OBB-4038570
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
horticus.biz Cross Site Scripting vulnerability OBB-4038403
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-29410
A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter...
Open WebUI stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...
Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload
A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...
dcmooregallery.com Cross Site Scripting vulnerability OBB-4038271
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-0183
A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gptacademic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debuglog.html file generated by the module. When an admin visits this debug report, the...