CVE-2026-35035

Summary: CVE-2026-35035 affects CI4MS (CodeIgniter 4-based CMS skeleton). A stored XSS vulnerability exists in System Settings – Company Information where attacker-controlled fields (e.g., Company Name, Slogan, contact fields, Google Maps link, media fields) are input and persisted server-side, t...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of attacker-controlled input in Custom RSE Attribute. An attacker can execute arbitrary JavaScript in the context of the WebUI by injecting malicious payloads that are stored and later rendered...

WordPress plugin BlockArt Blocks has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2024-34766

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic ChaosTheory allows Stored XSS.This issue affects ChaosTheory: from n/a through 1.3...

CVE-2025-68607

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through = 2.7.7...

PT-2025-49921

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through = 3.1.0-free...

CVE-2025-11962

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in DivvyDrive Information Technologies Inc. Digital Corporate Warehouse allows Stored XSS. This issue affects Digital Corporate Warehouse: before v.4.8.2.22...

WordPress plugin HTML Forms – Simple WordPress Forms Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin HTML For...

CVE-2025-62898 WordPress Links shortcode plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maarten Links shortcode links-shortcode allows Stored XSS.This issue affects Links shortcode: from n/a through = 1.8.3...

CVE-2025-58851 WordPress Boxed Content Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DigitalCourt Boxed Content boxed-content allows Stored XSS.This issue affects Boxed Content: from n/a through = 1.0...

CVE-2025-54749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows Stored XSS.This issue affects JetProductGallery: from n/a through = 2.2.0.2...

CVE-2025-45960

Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding...

CVE-2024-47299

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Stored XSS.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: fr...

CVE-2024-44001

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.982...

HMS Networks Anybus-CompactCom 30 跨站脚本漏洞

HMS Networks Anybus-CompactCom 30 is a Bluetooth module from the Swedish company HMS Networks. It is used as a physical layer converter for Bluetooth communication. A cross-site scripting vulnerability exists in HMS Networks Anybus-CompactCom 30, which stems from a lack of checks against user...

CVE-2024-32580

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows Stored XSS.This issue affects Master Slider: from n/a through 3.9.8...