CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

CVE-2025-23858

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through = 4.2...

CVE-2025-23894

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tatsuya wp-flickr-press wp-flickr-press allows Reflected XSS.This issue affects wp-flickr-press: from n/a through = 2.6.4...

CVE-2025-23632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rhizome Networks CG Button content-glass-button allows Reflected XSS.This issue affects CG Button: from n/a through = 1.0.5.6...

CVE-2025-23461

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xkollsoftware Social2Blog social2blog allows Reflected XSS.This issue affects Social2Blog: from n/a through = 0.2.990...

CVE-2025-23568

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fredsted WP Login Attempt Log wp-login-attempt-log allows Reflected XSS.This issue affects WP Login Attempt Log: from n/a through = 1.3...

CVE-2025-23964

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ajitae Google Plus google-plus-google allows Reflected XSS.This issue affects Google Plus: from n/a through = 1.0.2...

CVE-2025-23879

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PillarDev Easy Automatic Newsletter Lite easy-automatic-newsletter allows Reflected XSS.This issue affects Easy Automatic Newsletter Lite: from n/a through = 3.2.0...

CVE-2025-23903

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in woofx Local Shipping Labels for WooCommerce local-shipping-labels-for-woocommerce allows Reflected XSS.This issue affects Local Shipping Labels for WooCommerce: from n/a through = 1.0.0...

CVE-2025-23633

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in khanhtruong WP Database Audit database-audit allows Reflected XSS.This issue affects WP Database Audit: from n/a through = 1.0...

CVE-2025-23923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wackey Lockets lockets allows Reflected XSS.This issue affects Lockets: from n/a through = 0.999...

CVE-2025-23473

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Punit Bhalodiya Killer Theme Options killer-theme-options allows Reflected XSS.This issue affects Killer Theme Options: from n/a through = 2.0...

CVE-2025-23697

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webdeal Podčlánková inzerce podclankova-inzerce allows Reflected XSS.This issue affects Podčlánková inzerce: from n/a through = 2.4.0...

CVE-2025-14803

CVE-2025-14803 concerns the Nex-Forms WordPress plugin, affected up to version 9.1.8. The issue arises from inadequate sanitization/escaping of certain settings, enabling stored XSS when configured in a specific way. Public Red Hat and CIRCL entries corroborate the same description. Red Hat notes...

PT-2026-1764

Name of the Vulnerable Software and Affected Versions BIALTY - Bulk Image Alt Text Alt tag, Alt Attribute with Yoast SEO + WooCommerce plugin for WordPress versions up to and including 2.2.1 Description The BIALTY - Bulk Image Alt Text Alt tag, Alt Attribute with Yoast SEO + WooCommerce plugin fo...

CVE-2026-22257

CVE-2026-22257 (Salvo) : The Rust web framework Salvo is vulnerable prior to 0.88.1 due to the list_html function in the serve-static directory not sanitizing file/folder names when generating a folder view. This can enable stored cross-site scripting (XSS) when a site serves public files and use...

CVE-2025-13504

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS.This issue affects Real Estate Pro: from n/a through = 2.1.4...

CVE-2025-67930

CVE-2025-67930 : Reflected Cross-Site Scripting in the WordPress plugin eHive Search (formerly ehive-search) for versions

CVE-2025-67922 WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...

CVE-2025-69350

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themepoints Accordion accordions-wp allows Stored XSS.This issue affects Accordion: from n/a through = 3.0.3...