EUVD-2025-205908

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 10.7.9...

CVE-2025-49345

Cross-Site Request Forgery CSRF vulnerability in mg12 WP-EasyArchives wp-easyarchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through = 3.1.2...

PT-2025-54304

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP for church Sermon Manager allows Stored XSS.This issue affects Sermon Manager: from n/a through 2.30.0...

PT-2025-54321

Name of the Vulnerable Software and Affected Versions Cincopa video and media plugin versions through 1.163 Description The Cincopa video and media plugin contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This means th...

Esri ArcGIS Server 跨站脚本漏洞

Esri ArcGIS Server is a web-oriented enterprise software platform available for providing geolocation services from Esri. A cross-site scripting vulnerability exists in Esri ArcGIS Server version 11.4 and earlier, which stems from a stored cross-site scripting issue that could lead to malicious...

CVE-2025-66094

CVE-2025-66094 is a stored XSS in Yada Wiki (WordPress plugin) that is exploitable by an authenticated user (Contributor+). The Wordfence report lists the vulnerability as authenticated (Contributor+) Stored Cross-Site Scripting in Yada Wiki

CVE-2025-68876 WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in INVELITY Invelity SPS connect invelity-sps-connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through = 1.0.8...

CVE-2023-32120

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1...

PT-2025-53077

Name of the Vulnerable Software and Affected Versions Brainstorm Force Astra Widgets versions through 1.2.16 Description A flaw exists in Brainstorm Force Astra Widgets that allows for Stored Cross-site Scripting XSS. This issue arises from improper neutralization of input during web page...

CVE-2023-53977

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting script payloads in the forum title field when...

WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an...

CVE-2025-66580

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...

CVE-2025-14151

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outboundresource' parameter in the slimtrack AJAX action in all versions up to, and including, 5.3.2. This is due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2025-67163

A stored cross-site scripting XSS vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter...

CVE-2025-58900

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes UniTravel unitravel allows PHP Local File Inclusion.This issue affects UniTravel: from n/a through = 1.4.2...

EUVD-2025-204136

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through = 1.17...

PT-2025-52297

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. Attackers can inject malicious scripts through error messages that contain specially crafted object names. This allo...

CVE-2023-53932

CVE-2023-53932 affects Serendipity 2.4.0. The vulnerability is a stored cross-site scripting issue where an authenticated user can craft blog entries containing a JavaScript payload, which executes when other users view the post. The root cause is improper sanitization/handling of blog entry cont...

EUVD-2025-203986

ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting XSS vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to...

CVE-2025-68080

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal User Avatar - Reloaded user-avatar-reloaded allows Stored XSS.This issue affects User Avatar - Reloaded: from n/a through = 1.2.2...