Lucene search
K

145 matches found

Patchstack
Patchstack
added 2026/03/02 7:46 a.m.8 views

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'title_tag' Parameter vulnerability

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'titletag' Parameter vulnerability discovered by WordFence in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.4...

5.3CVSS5.9AI score0.00325EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/02/15 1:58 p.m.12 views

CVE-2019-25370

OPNsense 19.1 is affected by a reflected XSS in interfaces_vlan_edit.php. The vulnerability arises from accepting crafted input in multiple parameters (tag, descr, vlanif) via POST, enabling attackers to inject and execute arbitrary JavaScript in users’ browsers. The CVE entry confirms the affect...

6.1CVSS5.5AI score0.00232EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.8 views

PT-2026-8242

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces vlan edit.php with script payloads in the tag, descr, or vlanif parameter...

6.1CVSS5.5AI score0.00232EPSS
Exploits1References5
NVD
NVD
added 2026/01/14 5:16 p.m.11 views

CVE-2025-67833

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...

6.1CVSS0.00221EPSS
Exploits0References2
OSV
OSV
added 2026/01/14 5:16 p.m.5 views

CVE-2025-67833

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...

6.1CVSS5.8AI score0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.7 views

PT-2026-2921

Name of the Vulnerable Software and Affected Versions Paessler PRTG Network Monitor versions prior to 25.4.114 Description A Cross-Site Scripting XSS issue exists in Paessler PRTG Network Monitor. An unauthenticated attacker can exploit this issue via the tag parameter. Recommendations Update...

6.1CVSS6AI score0.00221EPSS
Exploits0References4
CVE
CVE
added 2026/01/14 12:0 a.m.14 views

CVE-2025-67833

CVE-2025-67833 affects Paessler PRTG Network Monitor and is an XSS vulnerability. Versions prior to 25.4.114 allow an unauthenticated attacker to execute script via the tag parameter. There is no exploitation detail provided beyond this description in the connected documents. Impact is cross-site...

6.1CVSS6.1AI score0.00221EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/14 12:0 a.m.3 views

CVE-2025-67833

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...

6.1CVSS5.4AI score0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/14 12:0 a.m.5 views

CVE-2025-67833

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...

6.1AI score0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.6 views

Paessler PRTG Network Monitor 安全漏洞

Paessler PRTG Network Monitor is a network monitoring software from the German company Paessler. A security vulnerability exists in Paessler PRTG Network Monitor versions prior to 25.4.114, which can be exploited by unauthenticated attackers to conduct cross-site scripting attacks via the tag...

6.1CVSS6.1AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/14 12:0 a.m.26 views

CVE-2025-67833

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter...

0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.6 views

CVE-2025-12379

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/10 1:47 p.m.7 views

CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS4.7AI score0.00191EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/10 1:47 p.m.31 views

CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00191EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/10 1:47 p.m.6 views

EUVD-2026-1845

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS4.6AI score0.00191EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.7 views

WordPress plugin Shortcodes and extra features for Phlox theme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/12 11:15 a.m.4 views

CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

6.4CVSS4.7AI score0.00185EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/21 9:27 a.m.6 views

CVE-2025-12964 Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS4.5AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11117

Malware in sbrugna...

5.4CVSS5.6AI score0.00746EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/08/07 12:0 a.m.5 views

agora 跨站脚本漏洞

agora is a cloud-based learning and research platform open-sourced by the Agora Foundation. A cross-site scripting vulnerability exists in versions prior to agora fall23-Alpha1 b087490, which stems from the tag parameter in editorManager.js being susceptible to cross-site scripting attacks...

6.4CVSS6AI score0.00218EPSS
Exploits0References2
Rows per page
Query Builder