Cross-site Scripting (XSS)

Overview org.webjars.npm:echarts is an Apache ECharts is a powerful, interactive charting and data visualization library for browser Affected versions of this package are vulnerable to Cross-site Scripting XSS in the tooltip rendering when both Lines series and tooltip are used without a...

PT-2026-39285

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description An issue exists in the tooltip mouseover handler where the software reads the aria-label attribute and processes it using decodeURIComponent before assigning the result to messageElement.innerHTML. Th...

CVE-2026-27963 Audiobookshelf has Stored XSS in Tooltip.vue via Audiobook Metadata

Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification...

CVE-2025-13908 The Tooltip <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thetooltip' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

@oku-ui/primitives (>=0.4.0 <=0.6.1) potentially affected by unknown CVE via @oku-ui/tooltip (=0.6.1)

@oku-ui/tooltip NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/tooltip and may be impacted: - @oku-ui/primitives =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191281...

EUVD-2022-1902

Malicious code in bioql PyPI...

EUVD-2025-4731

Malicious code in bioql PyPI...

EUVD-2022-1867

Malicious code in bioql PyPI...

CVE-2025-48316

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ItayXD Responsive Mobile-Friendly Tooltip responsive-mobile-friendly-tooltip allows Stored XSS.This issue affects Responsive Mobile-Friendly Tooltip: from n/a through = 1.6.6...

CVE-2025-48316

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ItayXD Responsive Mobile-Friendly Tooltip responsive-mobile-friendly-tooltip allows Stored XSS.This issue affects Responsive Mobile-Friendly Tooltip: from n/a through = 1.6.6...

WordPress plugin Responsive Mobile-Friendly Tooltip 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

Cross-site Scripting (XSS)

Overview org.webjars.npm:bootstrap is a WebJar for bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages ...

CVE-2025-46532

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Haris Zulfiqar Tooltip wp-tooltip allows DOM-Based XSS.This issue affects Tooltip: from n/a through = 1.0.1...

CVE-2025-46532 WordPress Tooltip plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Haris Zulfiqar Tooltip wp-tooltip allows DOM-Based XSS.This issue affects Tooltip: from n/a through = 1.0.1...

CVE-2024-13292 Tooltip - Moderately critical - Cross site scripting - SA-CONTRIB-2024-058

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Tooltip allows Cross-Site Scripting XSS.This issue affects Tooltip: from 0.0.0 before 1.1.2...

WordPress WP Recipe Maker plugin <= 9.6.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'tooltip' vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via 'tooltip' vulnerability discovered by Webbernaut in WordPress Plugin WP Recipe Maker versions = 9.6.1...

CVE-2024-8668

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input...

CVE-2023-33186 Cross-site scripting vulnerability in Zulip Server development branch via topic tooltip

Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is...

PT-2023-24203 · Unknown · Zulip Server

Name of the Vulnerable Software and Affected Versions: Zulip Server versions 7.0-beta1 through 7.0-beta2 and the main development branch from May 2, 2023 and later Description: The issue is related to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send...

Code injection

Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute...