Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

CVE-2026-5306

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the linkHref field handling. An attacker can execute arbitrary JavaScript by supplying a javascript: URL in an image widget's link URL field and having it rendered on the page. This affects...

MotoPress Hotel Booking Lite 跨站脚本漏洞

MotoPress Hotel Booking Lite is a hotel booking software developed by MotoPress. Version 4.2.4 of MotoPress Hotel Booking Lite contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting flaw in the accommodation type field, which may allow...

CVE-2026-4420

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

CVE-2026-27231

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

CVE-2026-25144 Talishar has a Stored XSS which can lead to data exfiltration & user impersonation

Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e6...

Podcast Generator security vulnerabilities

Podcast Generator is an open-source set of free podcast publishing scripts written in PHP language. Version 3.2.9 of Podcast Generator has a security vulnerability, which stems from a storage-type XSS vulnerability in the function for creating new live projects. This vulnerability could allow for...

PT-2025-53798

Name of the Vulnerable Software and Affected Versions Hiroaki Miyashita Custom Field Template versions through 2.7.5 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting issue. This allows for the...

PT-2025-52318

Name of the Vulnerable Software and Affected Versions TinyWebGallery version 2.5 Description TinyWebGallery version 2.5 has a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through the folder name parameter. Attackers can modify album folder names with...

EUVD-2025-203567

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gal Dubinski Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through = 3.3.4...

CVE-2025-13896

The Social Feed Gallery Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the igp-wp shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-12163

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

CVE-2025-12406 Project Honey Pot Spam Trap <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...

aEnrich a+HRD 跨站脚本漏洞

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A cross-site scripting vulnerability exists in aEnrich a+HRD, which originates from stored cross-site scripting and could allow a remote attacker with administrator privileges to inject persistent...

WordPress plugin YSlider 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-46262

Name of the Vulnerable Software and Affected Versions Simple Donate plugin for WordPress versions prior to 1.1 Description The Simple Donate plugin for WordPress is susceptible to Stored Cross-Site Scripting through the simpledonate shortcode. Insufficient input sanitization and output escaping o...

PT-2025-46320

Name of the Vulnerable Software and Affected Versions ManageEngine Exchange Reporter Plus versions 5723 and below Description ManageEngine Exchange Reporter Plus versions 5723 and below are susceptible to a Stored Cross-Site Scripting XSS issue within the Custom report functionality. This allows...

CVE-2025-62971

CVE-2025-62971 is a stored XSS vulnerability affecting CrestaProject Attesa Extra WordPress plugin (Attesa Extra) versions up to and including 1.4.5. Connected sources corroborate the flaw and specify stored XSS in input handling during web page generation, impacting Attesa Extra versions n/a thr...