phpMoAdmin Cross Site Scripting

A cross site scripting vulnerability exists in phpMoAdmin. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

CVE-2025-70336

A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...

CVE-2026-0914

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lwcontentblock' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2018-25116

The CVE-2018-25116 entry pertains to MyBB Thread Redirect Plugin version 0.2.1, which is documented to contain a cross-site scripting (XSS) vulnerability in the custom text input field for thread redirects. Attackers can inject SVG scripts that execute when other users view the thread, enabling a...

CVE-2026-0788

ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...

CVE-2026-0788 ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability

ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...

WordPress Testimonials Creator plugin cross-site scripting vulnerability

WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...

WordPress Internal Link Builder plugin cross-site scripting vulnerability

WordPress Internal Link Builder plugin is a tool used to help webmasters create internal links on WordPress sites. WordPress Internal Link Builder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

WordPress Kunze Law plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...

Cross-site Scripting (XSS)

Overview electron-markdownify is a minimalist Markdown Editor Affected versions of this package are vulnerable to Cross-site Scripting XSS via the file upload. An attacker can execute arbitrary scripts in the context of the application by uploading specially crafted markdown files containing...

CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

CVE-2026-1011

A stored cross-site scripting XSS vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST...

CVE-2026-0812

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedinscdateformat', 'linkedinscapikey', and 'linkedinscsecretkey' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible...

WordPress plugin WP-Members Membership Plugin 跨站脚本漏洞

WordPress WP-Members Membership plugin is an open source membership plugin for WordPress that is mainly used to create membership sites with restricted content. WordPress WP-Members Membership plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

CVE-2026-0594

The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alpha' parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

Testa 跨站脚本漏洞

Testa is an academic activity monitoring software from Testa. A cross-site scripting vulnerability exists in Testa version 3.5.1, which stems from a reflected cross-site scripting vulnerability in the redirect parameter in login.php that could lead to the execution of arbitrary JavaScript...

MiracleLinux 8 : libreoffice-6.4.7.2-19.el8_10.ML.1 (AXSA:2025-9778:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9778:01 advisory. libreoffice: Macro URL arbitrary script execution CVE-2025-1080 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVE-2023-25346

A reflected cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found...