35 matches found
CVE-2026-32961
creationtimestamp| type| source ---|---|--- 2026-04-19 19:30:00+00:00| seen| https://jvn.jp/en/vu/JVNVU94271449 2026-04-21 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-10...
CVE-2025-3103
creationtimestamp| type| source ---|---|--- 2025-04-19 04:59:57+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12573 2025-04-19 07:08:46+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln5laf64bjo2 2025-04-19 07:30:23+00:00| seen|...
Salon booking system < 9.6.6 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Salon Services Add New...
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below...
Bannerlid <= 1.1.0 - Reflected XSS
Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators Have an admin open URLs: -...
Salon booking system < 9.6.6 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Salon Services Add New...
Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the...
ENL Newsletter <= 1.0.1 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make an admin open an HTML file containing: Name: alert1' / alert2' /...
Salon booking system < 9.6.6 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Make an admin open a page containing the code: input type="submit" valu...
spang-lichttechnik.de Cross Site Scripting vulnerability OBB-3268622
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
schulfreundfinder.de Cross Site Scripting vulnerability OBB-3268457
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
reitschule-sinka.de Cross Site Scripting vulnerability OBB-3268311
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
reiseleiter-ausbildung.de Cross Site Scripting vulnerability OBB-3268308
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
radsportverband-brandenburg.de Cross Site Scripting vulnerability OBB-3268280
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
prof-schnauffer.de Cross Site Scripting vulnerability OBB-3268228
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
laguna.sc.gov.br Cross Site Scripting vulnerability OBB-3268102
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
iis.edu.jo Cross Site Scripting vulnerability OBB-3267966
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
funnyinflorida.com Cross Site Scripting vulnerability OBB-3267892
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nepalhandcreation.com Cross Site Scripting vulnerability OBB-3267638
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection
Software Accessibility Suite by Online ADA Type Plugin Vulnerable versions = 4.12 Fixed in 4.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47420 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID cf5c7e0f9b45 Credits minhtuanact Required...