237 matches found
CVE-2025-0832
A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
PT-2025-7193
Name of the Vulnerable Software and Affected Versions: Post Thumbs versions n/a through 1.5 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2025-5243 · Unknown · Full Circle
Name of the Vulnerable Software and Affected Versions: Full Circle versions 0.5.7.8 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. Recommendations: For versions 0.5.7.8 and earlier, update to a version that contains a fix for this...
PT-2025-2141 · WordPress · Gravity Forms
Name of the Vulnerable Software and Affected Versions: Gravity Forms plugin for WordPress versions up to, and including, 2.9.1.3 Description: The issue is related to Stored Cross-Site Scripting via the alt parameter due to insufficient input sanitization and output escaping. This allows...
PT-2025-5027 · Unknown · Slider For Writers
Name of the Vulnerable Software and Affected Versions: Slider for Writers versions n/a through 1.3 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
CVE-2024-12240
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin iChart Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2024-35185 · Unknown · Forex Signals
Name of the Vulnerable Software and Affected Versions: Provide Forex Signals versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker can inject...
CVE-2024-8052
The Review Ratings WordPress plugin through 1.6 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5001
The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id', 'oxiaddonsftitletag', and 'contentdescriptiontag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and outpu...
RHEL 7 : rest (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data...
CVE-2024-30921
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...
PT-2024-18032 · WordPress · Elementor Addon Elements
Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 Description: The issue is related to Stored Cross-Site Scripting via the modal popup widget's effect setting due to insufficient input sanitization and outpu...
BIT-GITLAB-2021-22227
A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it...
Vulnerabilities fixed in IBM QRadar
IBM has fixed vulnerabilities in QRadar and underlying components such as SIEM, WinCollect and Case Manager. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery (XSRF). Cross-Site Scripting (XSS)...
CodeAstro Internet Banking System Cross-Site Scripting Vulnerability
CodeAstro Internet Banking System is a PHP online banking system from CodeAstro. A cross-site scripting vulnerability exists in CodeAstro Internet Banking System version 1.0, which stems from the parameter Client Full Name in the file pagesclientsignup.php that can lead to cross-site scripting...
CVE-2023-4783
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
torarica.com Cross Site Scripting vulnerability OBB-3277599
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-16874 · Unknown · Sourcecodester File Tracker Manager System
Name of the Vulnerable Software and Affected Versions: SourceCodester File Tracker Manager System version 1.0 Description: A problematic issue was found in the SourceCodester File Tracker Manager System, affecting an unknown part of the file normal/borrow1.php. The manipulation of the id argument...
PT-2023-8492 · WordPress · Tc Ultimate Wp Query Search Filter
Name of the Vulnerable Software and Affected Versions: TC Ultimate WP Query Search Filter plugin versions = 1.0.10 Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. It is associated with the failure to protect the structure of web pages, which could allow a remote...