CVE-2026-20976

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...

CVE-2025-14147

The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the gist shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2022-27308

A stored cross-site scripting XSS vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...

CVE-2025-45286

A cross-site scripting XSS vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2025-45286

A cross-site scripting XSS vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2025-67349

CVE-2025-67349 : FluentCMS 1.2.3 is affected by a cross-site scripting (XSS) vulnerability in the Add Page workflow. After admin login, input entered in the head section is not properly sanitized, allowing an attacker to inject arbitrary script tags. Descriptions across multiple sources confirm t...

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05123)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04265)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

AVE DOMINAplus 安全漏洞

AVE DOMINAplus is an application from AVE Italy. The best home automation system for next generation houses. A security vulnerability exists in AVE DOMINAplus version 1.10.x, which stems from vulnerability to cross-site request forgery and cross-site scripting attacks that could lead to the...

CVE-2025-67291

A stored cross-site scripting XSS vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

CVE-2025-14735

The "Amazon affiliate lite Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Cross-site Scripting (XSS)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Vega method. An attacker can execute arbitrary scripts in the context of a user's browser by...

CVE-2023-53736 Kentico Xperience <= 13.0.120 Administration Interface Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context...

CVE-2025-67163

CVE-2025-67163 affects Simple Machines Forum (SMF) v2.1.6 (and SMF

CVE-2025-8617

The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yithquickview shortcode in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2025-203233

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access...

EUVD-2025-203247

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

EUVD-2025-203005

The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplyconverthash' option in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2025-57883

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

CVE-2025-14129

The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...