WordPress E2Pdf <1.16.45 - Cross-Site Scripting

WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfilteredhtml capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context o...

eShop 3.0.4 - Cross-Site Scripting

eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in. id: CVE-2022-35493 info: name: eShop 3.0.4 - Cross-Site Scripting author: arafatansari severity: medium description: | eShop 3.0.4 contains a reflected cross-site scripting...

Aajoda Testimonials < 2.2.2 - Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id: CVE-2023-2178 info: name: Aajoda Testimonials...

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

OURPHP <= 7.2.0 - Cross Site Scripting

OURPHP ale...

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

Seo Panel 4.8.0 - Cross-Site Scripting

Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter. id: CVE-2021-3002 info: name: Seo Panel 4.8.0 - Cross-Site Scripting author: edoardottt severity: medium description: Seo Panel 4.8.0 contains a reflected cross-site...

WordPress Post Grid <2.1.8 - Cross-Site Scripting

WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages, id: CVE-2021-24488 info: name: WordPress Post Grid 2.1.8 - Cross-Sit...

WordPress Country Selector <1.6.6 - Cross-Site Scripting

WordPress Country Selector plugin prior to 1.6.6 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the country and lang parameters before outputting them back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in th...

WordPress Page Layout builder v1.9.3 - Cross-Site Scripting

WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. id: CVE-2016-1000141 info: name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by an improper implementation in the Headless component. This vulnerability could allow remote attackers to execute a sandbox escape by exploiting a...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation for untrusted inputs in the Network component. It could allow remote...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability, which was caused by improper implementation of the password function. This vulnerability could allow remote attackers to bypass site...

EUVD-2026-35507

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...

CVE-2026-48562

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

EUVD-2026-35584

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVE-2026-45467

CVE-2026-45467 describes an XSS vulnerability in Microsoft Office SharePoint Server caused by improper neutralization of input during web page generation. The issue can allow a network-based, authenticated attacker with low privileges to spoof content presented to users, requiring user interactio...

Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

PT-2026-48037

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network. Cross-si...

Microsoft Office Project Server 跨站脚本漏洞

Microsoft Office Project Server is an enterprise-level project and project portfolio management platform open-sourced by Microsoft. Microsoft Office Project Server has a cross-site scripting vulnerability, which stems from improper input during web page generation. This vulnerability could allow...