211 matches found
CVE-2025-12417
CVE-2025-12417 affects the SurveyFunnel – Survey Plugin for WordPress (SurveyFunnel Lite) up to version 1.1.5. It is an authenticated (Contributor+) Stored Cross-Site Scripting vulnerability via the shortcode surveyfunnel_lite_survey; no public patch details are provided in the connected document...
CVE-2025-6946 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...
PT-2025-48938
A stored cross-site scripting XSS vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field...
CVE-2025-13731
The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
CVE-2025-64049
A stored cross-site scripting XSS vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the...
CVE-2025-62296
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
CVE-2025-10018
QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...
GROWI vulnerable to stored cross-site scripting
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2025-61994 Keitaro Yamazaki of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...
WordPress plugin WP GDPR Cookie Consent 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...
CVE-2025-11922 Inactive Logout <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inaredirectpageindividualuser' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-37033
Statmatic is a Laravel and Git powered content management system CMS. Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...
CVE-2025-62956 WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through = 2.0.1...
CVE-2025-62945 WordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through = 1.0.30...
CVE-2025-10138
The This-or-That plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thisorthat' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11834
The CVE CVE-2025-11834 (WP AD Gallery) affects WordPress WP AD Gallery plugin versions ≤ 1.3, with stored XSS via the startindex parameter in the ad-gallery shortcode. Root cause: insufficient input sanitization and output escaping; authenticated attackers with contributor-level access can inject...
CVE-2025-59974 Junos Space Security Director: Persistent Cross-Site Scripting (XSS) vulnerability
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access...
EUVD-2024-1640
Malicious code in bioql PyPI...
EUVD-2025-24927
Malicious code in bioql PyPI...
CVE-2025-40989
CVE-2025-40989 describes a stored cross-site scripting vulnerability in Ekushey CRM v5.0 (Creativeitem) caused by insufficient validation of user input in the POST endpoint dealing with the applicant’s message, specifically the API path that includes the message parameter. The affected component ...