CVE-2025-57881

A reflected cross-site scripting xss vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-58089

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-36556

A reflected cross-site scripting xss vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-41084

CVE-2025-41084 describes a Stored Cross-Site Scripting (XSS) vulnerability in the Sesame web application. The issue arises because uploaded SVG images are not properly sanitized, allowing attackers to embed malicious scripts in SVG files by issuing a POST to the logo endpoint (/api/v3/companies//...

WordPress MemberPress Discord Addon plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin MemberPress Discord Addon versions = 1.1.4...

WordPress Easy Theme Options plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Easy Theme Options versions = 1.0...

PT-2026-3598

A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

PT-2026-3553

Name of the Vulnerable Software and Affected Versions Poultry Farm Management System version 1.0 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data when a POST request is made. The issue is present in the '/farm/sell product.php'...

CVE-2026-0725

The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2026-23645 SiYuan Vulnerable to Stored Cross-Site Scripting (XSS) via Unrestricted SVG File Upload

SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting XSS vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file e.g., imported from an...

PT-2026-3308

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/atendido/cadastro ocorrencia.php endpoint of the WeGIA application. The application does not sanitize user-controlled data before rendering it inside the...

CVE-2026-1010

A stored cross-site scripting XSS vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...

CVE-2025-15021

The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2025-14448

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-68658

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration Information functionality. An authenticated user with the permission “Configuration...

CVE-2025-71166

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...

CVE-2026-0812

The CVE-2026-0812 entry concerns the WordPress LinkedIn SC plugin (

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-1.42.1.10.4.AXS4 (AXSA:2012-13:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-13:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2011-3389 The SSL protocol, as used in certain configurations in Microso...

CVE-2025-40978

Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘replydescription’ parameter...

CVE-2025-68658 Open Source Point of Sale (opensourcepos) Stored XSS in Configuration (Information) – Company Name field

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration Information functionality. An authenticated user with the permission “Configuration...