8 matches found
@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +108 more potentially affected by CVE-2026-0540 via dompurify (>=2.5.4 <=2.5.8)
dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...
EUVD-2025-35513
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad Awais WP Super Edit wp-super-edit allows Reflected XSS. This issue affects WP Super Edit: from n/a through = 2.5.4...
CVE-2025-49074 WordPress WidgetKit plugin <= 2.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abu Huraira Bin Aman WidgetKit widgetkit-for-elementor allows Stored XSS. This issue affects WidgetKit: from n/a through <= 2.5.4...
CVE-2024-49673
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Van Abel LaTeX2HTML latex2html allows Reflected XSS. This issue affects LaTeX2HTML: from n/a through = 2.5.4...
PT-2024-14158 · WordPress · Woocommerce Shipping Per Product
Name of the Vulnerable Software and Affected Versions: WooCommerce Shipping Per Product versions 2.5.4 and earlier Description: A Missing Authorization issue has been identified. This issue affects the WooCommerce Shipping Per Product plugin. Recommendations: For versions 2.5.4 and earlier, updat...
Pannellum Cross-Site Scripting Vulnerability
Pannellum is a lightweight open source web-based panoramic viewer. A cross-site scripting vulnerability exists in Pannellum versions 2.5.0 through 2.5.4. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability ...
PT-2015-3670 · D Link · D-Link Dap-1360
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 versions 2.5.4 and earlier Description: The issue allows remote attackers to bypass authentication and obtain sensitive information. This is achieved by setting the client login cookie to admin. Recommendations: For D-Link...
PT-2015-3672 · D Link · D-Link Dap-1360
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 router versions 2.5.4 and later Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to "index.cgi" when res_config_id is set to 41. This could...