6239 matches found

Vulnrichment
added 2025/01/27 4:06 p.m. · 8 views

CVE-2023-52292 IBM Sterling File Gateway cross-site scripting

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...

CVSS 6.4 · AI score 5.9 · EPSS 0.00209
Exploits: 0 · References: 1

NVD
added 2025/01/27 3:15 p.m. · 3 views

CVE-2025-24708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-dynamics-crm allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms,...

CVSS 7.1 · EPSS 0.00231
Exploits: 0 · References: 1

NVD
added 2025/01/27 2:15 p.m. · 7 views

CVE-2022-4975

A flaw was found in the Red Hat Advanced Cluster Security RHACS portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/ endpoints, the front-end generates a DOM table-element id="pdf-table". This information is then populated with unsanitized data usi...

CVSS 8.9 · EPSS 0.00304
Exploits: 0 · References: 2

CVE
added 2025/01/27 1:47 p.m. · 40 views

CVE-2022-4975

The CVE-2022-4975 entry concerns Red Hat Advanced Cluster Security (RHACS) portal UI. Affected component: frontend rendering of table views (e.g., /main/configmanagement/*) where the portal creates a DOM table (id="pdf-table") and later populates it with data via innerHTML. Root cause: unsanitize...

CVSS 8.9 · AI score 5.7 · EPSS 0.00304
Exploits: 0 · References: 2

OSV
added 2025/01/27 2:15 a.m. · 3 views

CVE-2023-46187

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 · AI score 5.5 · EPSS 0.00257
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/27 1:45 a.m. · 7 views

CVE-2023-46187 IBM InfoSphere Master Data Management cross-site scripting

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 · AI score 5.2 · EPSS 0.00257
Exploits: 0 · References: 1

CVE
added 2025/01/27 12:00 a.m. · 50 views

CVE-2024-48417

The CVE-2024-48417 entry concerns Edimax BR-6476AC (1.06) a dual‑band router. The vulnerability is a Cross Site Scripting (XSS) issue reachable through /bin/goahead and exposed at the endpoints /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter. The Red ...

CVSS 5.2 · AI score 6.2 · EPSS 0.00276
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2025/01/26 12:15 p.m. · 1 view

CVE-2024-12334

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1 · AI score 7.4 · EPSS 0.00261
Exploits: 0 · References: 2

Vulnrichment
added 2025/01/26 5:24 a.m. · 4 views

CVE-2024-10574 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Credentials Modification and Stored Cross-Site Scripting

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ayssavegooglecredentials' function in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up...

CVSS 7.2 · AI score 7.5 · EPSS 0.00433
Exploits: 0 · References: 3

Vulnrichment
added 2025/01/25 2:21 p.m. · 9 views

CVE-2024-35145 IBM Maximo Application Suite cross-site scripting

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 6.1 · AI score 6.1 · EPSS 0.00238
Exploits: 0 · References: 1

OSV
added 2025/01/25 8:15 a.m. · 3 views

CVE-2024-13548

The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 7.4 · EPSS 0.00277
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/25 12:00 a.m. · 3 views

PT-2025-2229 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping of a lesson name. This allows authenticated...

CVSS 6.4 · AI score 6.2 · EPSS 0.00282
Exploits: 0 · References: 8

Cvelist
added 2025/01/24 8:31 p.m. · 32 views

CVE-2025-0709 Dcat-Admin Roles Page roles cross site scripting

A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 5.1 · EPSS 0.00342
Exploits: 1 · References: 5

CVE
added 2025/01/24 5:25 p.m. · 48 views

CVE-2025-24706

Summary: CVE-2025-24706 affects the WordPress plugin “MultiVendorX – WC Marketplace” (WC Marketplace) up to version 4.2.13. It is a stored XSS vulnerability caused by improper input neutralization during web page generation. The CVSS v3.1 base score is 6.5 (Medium), with network attack vector, re...

CVSS 6.5 · AI score 7.2 · EPSS 0.0034
Exploits: 0 · References: 1

Cvelist
added 2025/01/24 5:24 p.m. · 18 views

CVE-2025-24681 WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate allows Stored XSS. This issue affects Product Carousel Slider & Grid Ultimate for...

CVSS 5.9 · EPSS 0.00327
Exploits: 0 · References: 1

Patchstack
added 2025/01/24 11:47 a.m. · 3 views

WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability

CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin KBucket versions = 4.1.6...

CVSS 7.1 · AI score 5.8 · EPSS 0.00178
Exploits: 0 · Affected Software: 1

NVD
added 2025/01/24 11:15 a.m. · 13 views

CVE-2025-23837

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in martinjuhasz One Backend Language one-backend-language allows Reflected XSS. This issue affects One Backend Language: from n/a through = 1.0...

CVSS 7.1 · EPSS 0.00211
Exploits: 0 · References: 1

Cvelist
added 2025/01/24 12:00 a.m. · 9 views

CVE-2024-57041

A persistent cross-site scripting XSS vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...

EPSS 0.25105
Exploits: 1 · References: 3

Positive Technologies
added 2025/01/24 12:00 a.m. · 7 views

PT-2025-40594

Name of the Vulnerable Software and Affected Versions Redis versions 5.7.0 through 5.8.0 Redict versions 7.3.2+ds-1ubuntu0.1 Valkey versions prior to 8.1.1+dfsg1-3+deb13u1 Description Redis and Redict are vulnerable to a Lua scripting interface issue that could allow an authenticated attacker to...

CVSS 9.9 · AI score 7.6 · EPSS 0.86268
Exploits: 14 · References: 436

NVD
added 2025/01/23 4:15 p.m. · 8 views

CVE-2025-23894

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tatsuya wp-flickr-press wp-flickr-press allows Reflected XSS. This issue affects wp-flickr-press: from n/a through = 2.6.4...

CVSS 7.1 · EPSS 0.00236
Exploits: 0 · References: 1