CVE-2023-40573

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a documen...

CVE-2023-40177

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

CVE-2021-41022

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts...

CVE-2021-27249

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue result...

CVE-2021-27248

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the...

CVE-2022-38758

Cross-site Scripting XSS vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL...

CVE-2022-31087

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...

CVE-2026-20976

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...

CVE-2025-15019

The BIALTY - Bulk Image Alt Text Alt tag, Alt Attribute with Yoast SEO + WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bialtycsalt' post meta in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes...

CVE-2025-14980

The CVE-2025-14980 entry concerns BetterDocs – Knowledge Base Documentation & FAQ Solution for Elementor & Block Editor for WordPress. Affected versions: all up to and including 4.3.3. Vulnerability type: Authenticated Sensitive Information Exposure via scripts() function, enabling an attacker wi...

CVE-2026-20976

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...

Soda PDF Desktop Code Execution Vulnerability (CNVD-2026-06108)

Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop suffers from a code execution vulnerability that stems from allowing dangerous scripts to be executed when processing Word files without...

PT-2026-1963

Name of the Vulnerable Software and Affected Versions AMP for WP plugin for WordPress versions prior to 1.1.11 Description The AMP for WP plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient sanitization of SVG file content allows for the...

PT-2026-1694

Name of the Vulnerable Software and Affected Versions Header and Footer Scripts plugin for WordPress versions up to and including 2.2.2 Description The Header and Footer Scripts plugin for WordPress is susceptible to Stored Cross-Site Scripting through the inpost head script parameter. Insufficie...

WordPress plugin Header and Footer Scripts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2026-1762

Name of the Vulnerable Software and Affected Versions BetterDocs versions prior to 4.3.4 Description The BetterDocs plugin for WordPress is susceptible to sensitive information exposure through the scripts function. Authenticated attackers with contributor-level access or higher can potentially...

Soda PDF Desktop Code Execution Vulnerability

Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. A code execution vulnerability exists in Soda PDF Desktop, which stems from the implementation of a Launch action that allows the execution of dangerous...

CVE-2025-14436

The CVE-2025-14436 entry concerns the Brevo for WooCommerce WordPress plugin (≤ v4.0.49). It enables unauthenticated Stored XSS via the user_connection_id parameter, due to insufficient input sanitization and output escaping. The vulnerability comprises: vulnerable code in woocommerce-sendinblue....

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the pushstate event listener, which allows manipulation of the URL fragment identifier. An attacker can execute arbitrary JavaScript i...

CVE-2026-22230

CVE-2026-22230 affects OPEXUS eCASE Audit with vulnerability due to incorrect access control that allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that administrators have disabled or blocked. The publicly documented fix is in...