6236 matches found
WordPress TheNa theme <= 1.5.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme TheNa versions <= 1.5.5...
CVE-2025-40978
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to ‘/ticket/x/conversion’, using the ‘replydescription’ parameter...
CVE-2025-14555
CVE-2025-14555 affects the WordPress plugin “Countdown Timer – Widget Countdown.” The vulnerability is a stored XSS via the plugin’s shortcode wpdevart_countdown in versions up to 2.7.7, caused by insufficient input sanitization and output escaping on user-supplied shortcode attributes. The impac...
CVE-2025-14506 ConvertForce Popup Builder <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation
The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entrance_animation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-1848
The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entrance_animation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2014-4856
Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...
CVE-2005-1140
Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments...
CVE-2005-1653
Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 build 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the email parameter...
CVE-2023-43358
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component...
CVE-2023-50072
A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 dbb6e88 With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS...
CVE-2023-49539
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsmsci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter...
CVE-2023-31942
Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php...
CVE-2023-4864
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2018-1000139
I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user...
CVE-2018-1000113
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
CVE-2025-11453
The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2009-4861
Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
CVE-2001-1522
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message...
CVE-2021-27129
CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students Edit ROUTE parameter...
CVE-2021-31903
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS...