CVE-2023-25794

Auth. admin+ Cross-Site Scripting XSS vulnerability in Mighty Digital Nooz plugin = 1.6.0 versions...

CVE-2023-49168

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS.This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo...

CVE-2023-49836

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brontobytes Cookie Bar allows Stored XSS.This issue affects Cookie Bar: from n/a through 2.0...

CVE-2023-49860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...

CVE-2023-45832

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Martin Gibson WP GoToWebinar plugin = 14.45 versions...

CVE-2023-4451

Cross-site Scripting XSS - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4...

CVE-2023-40676

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin = 5.0.8 versions...

CVE-2025-23951

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DIVENGINE Gallery: Hybrid – Advanced Visual Gallery hybrid-gallery allows Stored XSS.This issue affects Gallery: Hybrid – Advanced Visual Gallery: from n/a through = 1.4.0.2...

CVE-2025-23039

Caido is a web security auditing toolkit. A Cross-Site Scripting XSS vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

CVE-2022-31133

HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting XSS vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and...

CVE-2022-31064

BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker with xss in the name starts a chat. in the victim's client the JavaScript will be executed...

CVE-2022-0232

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...

CVE-2022-0233

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...

CVE-2019-20438

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting XSS vulnerability has been identified in the inline API documentation editor page of the API Publisher...

CVE-2024-39315

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...

CVE-2024-39626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rob @ 5 Star Plugins Pretty Simple Popup Builder pretty-simple-popup-builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through = 1.0.9...

CVE-2023-29031

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation...

CVE-2023-45761

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Joovii Sendle Shipping Plugin plugin = 5.13 versions...

CVE-2023-45770

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fastwpspeed Fast WP Speed plugin = 1.0.0 versions...

CVE-2023-45006

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin = 2.4.6 versions...