CVE-2025-46532

CVE-2025-46532 describes a DOM-based XSS in the WordPress Tooltip plugin (Tooltip) due to improper input neutralization during web page generation. Affected versions: Tooltip

PT-2024-23290 · WordPress · Tomas Wordpress Tooltips

Name of the Vulnerable Software and Affected Versions: Tomas WordPress Tooltips versions prior to 9.4.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential remote attacks...

CVE-2023-33186 Cross-site scripting vulnerability in Zulip Server development branch via topic tooltip

Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is...

bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...

SUSE CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

CVE-2022-28153

Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...

PT-2020-15464 · Jenkins · Jenkins Cadence Vmanager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions 3.0.4 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. This occurs because build descriptions in tooltips are not properly escaped, allowing attackers...

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...