CVE-2026-4388 Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

CVE-2026-4388 Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

CVE-2026-4388

CVE-2026-4388 affects the WordPress plugin “Form Maker by 10Web.” A stored XSS exists in the Matrix field (Text Box input) across all versions up to 1.15.40. Root cause: insufficient input sanitization (sanitize_text_field strips tags but not quotes) and missing output escaping when rendering sub...

CVE-2021-47818 DupTerminator 1.4.5639.37199 - Denial of Service

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows ...

CVE-2021-47818

CVE-2021-47818 affects DupTerminator 1.4.5639.37199. The issue is a denial-of-service where inputting a long string into the Excluded text box can crash the application on Windows 10; a payload of 8000 repeated characters is cited as triggering the stop. The vulnerable component is the text-input...

CVE-2021-47818

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows ...

DupTerminator security vulnerability

DupTerminator is a file cleanup tool developed by Dmitry Borisov. Version 1.4.5639.37199 of DupTerminator contains a security vulnerability, which stems from a buffer overflow in the Excluded text box, potentially leading to a denial-of-service attack...

PT-2026-3275

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows ...

EUVD-2021-21882

Malware in sbrugna...

EUVD-2019-5878

Malware in sbrugna...

EUVD-2022-6603

Malicious code in bioql PyPI...

EUVD-2024-35510

Malicious code in bioql PyPI...

EUVD-2022-31944

Malicious code in bioql PyPI...

EUVD-2025-4019

Malicious code in bioql PyPI...

CVE-2024-35752

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS.This issue affects Stellissimo Text Box: from n/a through 1.1.4...

CVE-2023-37743

A cross-site scripting XSS vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box...

CVE-2019-14731

An issue was discovered in ZenTao 11.5.1. There is an XSS stored vulnerability that leads to the capture of other people's cookies via the Rich Text Box...

CVE-2025-25079

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through = 3.2...

CVE-2025-25079

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through = 3.2...

CVE-2025-25079

CVE-2025-25079 describes a Stored XSS in the WordPress plugin Simple Select All Text Box (versions up to 3.2). The vulnerability arises from improper input neutralization during web page generation, enabling attacker-supplied scripts to be stored and delivered to users. The initial records and co...