CVE-2019-12823

Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS...

CVE-2024-32569

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31...

CVE-2025-24542

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Icegram icegram allows Stored XSS.This issue affects Icegram: from n/a through = 3.1.31...

CVE-2025-24542

CVE-2025-24542 affects WordPress Icegram Engage plugin (

WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by savphill in WordPress Plugin Icegram versions = 3.1.31...

WordPress plugin Icegram 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-5392 · Icegram · Icegram

Name of the Vulnerable Software and Affected Versions: Icegram versions through 3.1.31 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions through...

WordPress Plugin Ditty 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Ditty versions = 3.1.31...

WordPress Newsletter, SMTP, Email marketing and Subscribe plugin <= 3.1.30 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Newsletter, SMTP, Email marketing and Subscribe plugin versions = 3.1.30. Solution Update the WordPress Newsletter, SMTP, Email marketing and Subscribe plugin to the latest available version at least 3.1.31...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated. PoC javascript import nanoid from 'nanoid'; const makeProxyNumberToReproducePreviousID = = let step = 0; return valueOf // // if !pool ||...

Andris Sevcenko craftcms 跨站脚本漏洞

Craft CMS is a content management system for developers, designers and web professionals that provides flexibility, power and ease of use. A cross-site scripting vulnerability exists in Craft CMS version 3.1.31. A remote attacker can inject arbitrary web script or HTML via /admin/settings/sites/n...