6236 matches found
Security Bulletin: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System
Summary Multiple vulnerabilities in Open Source affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...
CVE-2025-12753
The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmzezchart' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for...
CVE-2025-62780 changedetection.io vulnerable to stored XSS in Watch update via API
changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...
WordPress plugin Insert Headers and Footers Code – HT Script 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-53324
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through = 1.5.7...
GROWI vulnerable to stored cross-site scripting
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2025-61994 Keitaro Yamazaki of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...
WordPress plugin WP GDPR Cookie Consent 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...
CVE-2025-12371
The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...
CVE-2025-12393
The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2025-36172
CVE-2025-36172 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow. The IBM bulletin and related sources describe a stored cross-site scripting (XSS) vulnerability where an authenticated user can inject arbitrary JavaScript into the Web UI, potentially leading to cr...
CVE-2025-12118
The Schema Scalpel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping when outputting user-supplied data into JSON-LD schema markup. This makes it possible for...
CVE-2025-11922 Inactive Logout <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inaredirectpageindividualuser' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-37033
Statmatic is a Laravel and Git powered content management system CMS. Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...
CVE-2025-10348 Stored Cross-Site Scripting in URVE Smart Office
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...
CVE-2025-60983
Reflected Cross Site Scripting vulnerability in Rubikon Banking Solution 4.0.3 in the "Search For Customers Information" endpoints...
CVE-2025-62899
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in THRIVE - Web Design Gold Coast Photospace Responsive photospace-responsive allows Stored XSS.This issue affects Photospace Responsive: from n/a through = 2.2.0...
CVE-2025-62894
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magicoders ACF Recent Posts Widget acf-recent-posts-widget allows Stored XSS.This issue affects ACF Recent Posts Widget: from n/a through = 5.9.3...
EUVD-2025-35960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through = 1.6.3...
CVE-2025-62956 WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through = 2.0.1...
CVE-2025-62945 WordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through = 1.0.30...