37 matches found
CVE-2026-25487
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...
Craft Commerce Cross-Site Scripting Vulnerability
Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability arises due to the tax rate name field in the store...
EUVD-2024-29016
Malicious code in bioql PyPI...
EUVD-2024-30348
Malicious code in bioql PyPI...
EUVD-2025-26221
Malicious code in bioql PyPI...
CVE-2025-55579
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8...
CVE-2025-55579
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8...
CVE-2025-55579
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8...
SolidInvoice Security Vulnerability
SolidInvoice is an invoice solution application from SolidInvoice Open Source. A security vulnerability exists in SolidInvoice version 2.3.7, which stems from the tax rate feature being vulnerable to cross-site scripting attacks...
CVE-2025-55579
SolidInvoice 2.3.7 contains a stored XSS vulnerability in the Tax Rates feature. The underlying issue allows an authenticated attacker to store arbitrary JavaScript that executes in the context of other authenticated users who view the Tax Rates page. The fix is to upgrade to SolidInvoice 2.3.8 o...
PT-2025-35248
Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.3.8. Description: SolidInvoice is susceptible to a Cross Site Scripting (XSS) issue within the Tax Rate functionality. Recommendations: Update to version 2.3.8 or later...
CVE-2025-55579
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8...
CVE-2024-32546
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS. This issue affects Tax Rate Upload: from n/a through 2.4.5...
CVE-2024-31105
Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS. This issue affects Tax Rate Upload: from n/a through 2.4.5...
Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting
Description: The Tax Rate Upload plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2024-32546
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS. This issue affects Tax Rate Upload: from n/a through 2.4.5...
CVE-2024-32546 WordPress Tax Rate Upload plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS. This issue affects Tax Rate Upload: from n/a through 2.4.5...
WordPress Plugin Tax Rate Upload Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Tax Rate Upload plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin Tax Rate Upload (versions <= 2.4.5)...
WordPress Tax Rate Upload Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: Tax Rate Upload; Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32546; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: e0f99a4ecd9c; Credits: Dimas Maulana; Required privilege...