841 matches found
CVE-2026-3034
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the obspaceratlink, obbbadlink, and obteleporterlink URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-3034
CVE-2026-3034 — OoohBoi Steroids for Elementor (WordPress) supports Stored Cross-Site Scripting via _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link parameters in all versions up to 2.1.24. The vulnerability permits authenticated attackers with Contributor-level access or higher to injec...
WordPress plugin OoohBoi Steroids for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-13672
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
CVE-2025-13672
The CVE-2025-13672 entry describes a Reflected XSS in OpenText Web Site Management Server, affecting versions 16.7.0 and 16.7.1 . The issue arises from improper neutralization of input during web page generation, allowing malicious JavaScript to be injected via URL parameters and rendered in the ...
CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...
CVE-2026-24323
CVE-2026-24323 affects BSP applications of SAP Document Management System. An unauthenticated user can inject malicious script via user-controlled URL parameters that are not sufficiently sanitized, causing script execution in the victim’s browser. Impact is described as low for confidentiality a...
SAP E-Recruiting BSP 跨站脚本漏洞
SAP E-Recruiting BSP is a recruitment process management module provided by the German company SAP. SAP E-Recruiting BSP has a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of user-controlled URL parameters, which may lead to unvalidated redirections to...
XSS-Scanner
XSS-Scanner This is a Cross Site Scripting Vulnerability scann...
WordPress plugin Events Listing Widget 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Frontis Blocks: Code-related vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-66523
URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16...
SAP NetWeaver Enterprise Portal 跨站脚本漏洞
SAP NetWeaver Enterprise Portal is a web front-end component of SAP NetWeaver from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal, which originates from an unauthenticated attacker being able to inject malicious scripts into URL parameters, which coul...
CVE-2020-10246
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statisticsorgs.ctp...
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...
PT-2025-53337
Name of the Vulnerable Software and Affected Versions Teradek VidiU Pro version 3.0.3 Description The software contains a server-side request forgery issue in the management interface. Attackers can manipulate GET parameters url and xml url to bypass firewalls, perform network enumeration, and...
EUVD-2025-204623
The Attachments Handler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
EUVD-2024-55344
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP...
Shopware Storefront Reflected XSS in Storefront Login Page
Impact By exploiting the XSS vulnerabilities, malicious actors can perform harmful actions in the user's web browser in the session context of the affected user. Some examples of this include, but are not limited to: Obtaining user session tokens. Performing administrative actions when an...
SAP BusinessObjects Business Intelligence Platform 安全漏洞
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...