35 matches found
CVE-2026-32961
creationtimestamp | type | source
---|---|---
2026-04-19 19:30:00+00:00 | seen | https://jvn.jp/en/vu/JVNVU94271449
2026-04-21 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-10...
CVE-2025-3103
creationtimestamp | type | source
---|---|---
2025-04-19 04:59:57+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12573
2025-04-19 07:08:46+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln5laf64bjo2
2025-04-19 07:30:23+00:00 | seen | ...
Salon booking system < 9.6.6 - Editor+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). PoC: 1. Go to "Salon Services Add New...
Salon booking system < 9.6.6 - Editor+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). 1. Go to "Salon Services Add New...
Salon booking system < 9.6.6 - Settings Update via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open a page containing the code: input type="submit" valu...
Bannerlid <= 1.1.0 - Reflected XSS
Description: The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as administrators. Have an admin open URLs: -...
ENL Newsletter <= 1.0.1 - Stored XSS via CSRF
Description: The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Make an admin open an HTML file containing: Name: alert1' / alert2' /...
Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, put the...
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, put the below...
spang-lichttechnik.de Cross Site Scripting vulnerability OBB-3268622
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
schulfreundfinder.de Cross Site Scripting vulnerability OBB-3268457
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
reitschule-sinka.de Cross Site Scripting vulnerability OBB-3268311
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
reiseleiter-ausbildung.de Cross Site Scripting vulnerability OBB-3268308
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
radsportverband-brandenburg.de Cross Site Scripting vulnerability OBB-3268280
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
prof-schnauffer.de Cross Site Scripting vulnerability OBB-3268228
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
laguna.sc.gov.br Cross Site Scripting vulnerability OBB-3268102
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
iis.edu.jo Cross Site Scripting vulnerability OBB-3267966
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
funnyinflorida.com Cross Site Scripting vulnerability OBB-3267892
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nepalhandcreation.com Cross Site Scripting vulnerability OBB-3267638
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Table & Contact Form 7 Database – Tablesome Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Table & Contact Form 7 Database – Tablesome
Type: Plugin
Vulnerable versions: 1.0.9
Fixed in: 1.0.9
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-1890
Patch priority: High
CVSS severity: High (7.1)
Developer: Claim ownership
PSID: 33f0514f48a5...