6239 matches found
CVE-2025-27499
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the processaedicaosocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the...
CVE-2025-27500 Cross Site Scripting potential in Ziti Console
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint (/api/upload) on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...
CVE-2025-27418 WeGIA contains a Stored Cross-Site Scripting (XSS) in 'adicionar_tipo_atendido.php' via the 'tipo' parameter
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into t...
CVE-2025-26585
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DyadyaLesha DL Leadback dl-leadback allows Reflected XSS. This issue affects DL Leadback: from n/a through <= 1.2.1...
CVE-2025-25157
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpchurchteam WP Church Center wp-church-center allows Reflected XSS. This issue affects WP Church Center: from n/a through <= 1.3.3...
CVE-2025-23956
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Richard Leishman WP Easy Post Mailer wp-mailer allows Reflected XSS. This issue affects WP Easy Post Mailer: from n/a through <= 0.64...
CVE-2025-23881
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in littlejon LJ Custom Menu Links lj-custom-menu-links allows Reflected XSS. This issue affects LJ Custom Menu Links: from n/a through <= 2.5...
CVE-2025-23663
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Vaquez Contexto contexto allows Reflected XSS. This issue affects Contexto: from n/a through <= 1.0...
CVE-2025-23586
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MAL73049 WP Post Category Notifications wp-post-category-notifications allows Reflected XSS. This issue affects WP Post Category Notifications: from n/a through <= 1.0...
CVE-2025-23524
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dactum ClickBank Storefront mycbgenie-clickbank-storefront allows Reflected XSS. This issue affects ClickBank Storefront: from n/a through <= 1.7...
CVE-2025-26918 WordPress Small Package Quotes – Unishippers Edition plugin <= 2.4.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Reflected XSS. This issue affects Small Package Quotes – Unishippers Edition: from n/a...
CVE-2025-25114
CVE-2025-25114 affects the WordPress plugin WordPress User Roles (WordPress User Roles plugin) versions <= 1.0, with a Reflected Cross-Site Scripting (XSS) flaw. The initial record attributes this to Improper Neutralization of Input During Web Page Generation, enabling reflected XSS. The CVSS ...
CVE-2025-25113
CVE-2025-25113 concerns WordPress plugin “Implied Cookie Consent” (versions up to 1.3). Connected sources note a Reflected Cross‑Site Scripting (XSS) vulnerability arising from improper input neutralization in the plugin, enabling reflected XSS in affected pages. The initial entry identifies the ...
CVE-2025-23852 WordPress First Comment Redirect plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in robin90 First Comment Redirect first-comment-redirect allows Reflected XSS. This issue affects First Comment Redirect: from n/a through <= 1.0.3...
CVE-2025-23736 WordPress Form To JSON plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webgdawg Form To JSON form-to-json allows Reflected XSS. This issue affects Form To JSON: from n/a through <= 1.0...
CVE-2025-23464 WordPress Twitter News Feed plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Twitter News Feed allows Reflected XSS. This issue affects Twitter News Feed: from n/a through 1.1.1...
CVE-2025-23440 WordPress radSLIDE plugin <= 2.1 - Broken Access Control to Stored Cross-Site Scripting vulnerability
Missing Authorization vulnerability in radicaldesigns radSLIDE radslide allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects radSLIDE: from n/a through <= 2.1...
cdu-giessen.de Cross Site Scripting vulnerability OBB-4031805
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
spermdonorsaustralia.com.au Cross Site Scripting vulnerability OBB-4031788
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-27585
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update...