145 matches found
WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'title_tag' Parameter vulnerability
WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'titletag' Parameter vulnerability discovered by WordFence in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.4...
CVE-2019-25370
OPNsense 19.1 is affected by a reflected XSS in interfaces_vlan_edit.php. The vulnerability arises from accepting crafted input in multiple parameters (tag, descr, vlanif) via POST, enabling attackers to inject and execute arbitrary JavaScript in users’ browsers. The CVE entry confirms the affect...
PT-2026-8242
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces vlan edit.php with script payloads in the tag, descr, or vlanif parameter...
CVE-2025-67833
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...
CVE-2025-67833
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...
PT-2026-2921
Name of the Vulnerable Software and Affected Versions Paessler PRTG Network Monitor versions prior to 25.4.114 Description A Cross-Site Scripting XSS issue exists in Paessler PRTG Network Monitor. An unauthenticated attacker can exploit this issue via the tag parameter. Recommendations Update...
CVE-2025-67833
CVE-2025-67833 affects Paessler PRTG Network Monitor and is an XSS vulnerability. Versions prior to 25.4.114 allow an unauthenticated attacker to execute script via the tag parameter. There is no exploitation detail provided beyond this description in the connected documents. Impact is cross-site...
CVE-2025-67833
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...
CVE-2025-67833
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...
Paessler PRTG Network Monitor 安全漏洞
Paessler PRTG Network Monitor is a network monitoring software from the German company Paessler. A security vulnerability exists in Paessler PRTG Network Monitor versions prior to 25.4.114, which can be exploited by unauthenticated attackers to conduct cross-site scripting attacks via the tag...
CVE-2025-67833
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...
CVE-2025-12379
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...
EUVD-2026-1845
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...
WordPress plugin Shortcodes and extra features for Phlox theme 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...
CVE-2025-12964 Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget
The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...
EUVD-2021-11117
Malware in sbrugna...
agora 跨站脚本漏洞
agora is a cloud-based learning and research platform open-sourced by the Agora Foundation. A cross-site scripting vulnerability exists in versions prior to agora fall23-Alpha1 b087490, which stems from the tag parameter in editorManager.js being susceptible to cross-site scripting attacks...