CVE-2025-53504

Group-Office (Intermesh BV) is affected by a cross-site scripting (CVE-2025-53504) vulnerability, impacting versions prior to 6.8.119 and prior to 25.0.20. The issue allows an arbitrary script to run in a user’s browser when exploited. Remediation per connected sources is to update Group-Office t...

WordPress Alike plugin cross-site scripting vulnerability

WordPress Alike plugin is a WordPress plugin that is mainly used for custom comparison function of articles or posts, supporting any post type or custom type e.g. property, car, etc., adding data presentation through flexible logic generator. WordPress Alike plugin suffers from a cross-site...

WordPress plugin Blocksy cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Blocksy 2.1.6 and previous versions of cross-site scripting vulnerability , the...

CVE-2025-8621

The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...

WordPress plugin Blogger Buzz 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Blogger Buzz 1.2.6 and previous versions of cross-site scripting vulnerability , the...

CVE-2025-45316

A cross-site scripting XSS vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter...

CVE-2025-45316

A cross-site scripting XSS vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter...

WordPress Flex Guten Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Flex Guten, which stems from insufficient input cleanup and escaping, and can be exploited by an attacke...

CVE-2025-51534

A cross-site scripting XSS vulnerability in Austrian Archaeological Institute AI OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

CVE-2025-45778

A stored cross-site scripting XSS vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via modifications to the configuration file in the underlying operating system. An attacker can execute arbitrary scripts in the context of the affected application by injecting malicious content into the...

CVE-2024-42912

The CVE-2024-42912 issue affects META-INF Kft. Email This Issue (Data Center) prior to version 9.13.0-GA. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary web scripts or HTML by crafting a payload into the recipient field of an e-mail message. Imp...

CVE-2025-6705

A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new...

CVE-2025-6705

A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new...

CVE-2023-44915

A cross-site scripting XSS vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the loginerror parameter...

CLSA-2025-1750782430 yelp: Fix of CVE-2025-3155

CVE-2025-3155: fix execution of arbitrary scripts in help documents, preventing malicious file exfiltration...

CVE-2025-43877

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product...

CVE-2025-27828

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient input validation. A...

WordPress plugin Advanced Sermons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Advanced Sermons plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

Astra Linux – Vulnerability in Yelp

A flaw was discovered in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability enables malicious users to input help documents, which may result in the exfiltration of user files to an external environment...