1044 matches found
CVE-2025-10126
The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mbumap' shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-57642
CVE-2025-57642 affects Tourism Management System 2.0 with a shell-upload vulnerability that allows uploading and executing PHP shells, enabling remote code execution and unauthorized access. CVSS v3.1 metrics indicate Network access, Low attack complexity, Privileges required: High, with Confiden...
POS Point of Sale System 6776.php File Cross-Site Scripting Vulnerability
POS Point of Sale System is a POS (point of sale) system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...
WordPress plugin AI ChatBot for WordPress security vulnerability
WordPress AI ChatBot for WordPress plugin is an Artificial Intelligence ChatBot plugin designed for WordPress websites, which is mainly used to provide 24/7 automated customer service support, generate leads, collect user information and other features. The WordPress AI ChatBot for WordPress plug...
CVE-2025-6757
The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9493
The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
Permissive Regular Expression
Overview: @mathharo/promptcraft-sanitize is a Sanitizer fix for overlapping multi-token patterns. Affected versions of this package are vulnerable to Permissive Regular Expression due to insufficient replacement of multi-character tokens. An attacker can execute arbitrary scripts in the context of...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper validation of user input in the datacode, datalang0key, datalang0value, datalang1key, and datatitle parameters within the /apprain/developer/language/lipsum.xml process. An attacker can execute...
CVE-2025-8150
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-5083
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Linux Distros Unpatched Vulnerability : CVE-2019-3826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated...
CVE-2025-53504
Group-Office (Intermesh BV) is affected by a cross-site scripting (CVE-2025-53504) vulnerability, impacting versions prior to 6.8.119 and prior to 25.0.20. The issue allows an arbitrary script to run in a user’s browser when exploited. Remediation per connected sources is to update Group-Office t...
WordPress Alike plugin cross-site scripting vulnerability
WordPress Alike plugin is a WordPress plugin that is mainly used for custom comparison function of articles or posts, supporting any post type or custom type e.g. property, car, etc., adding data presentation through flexible logic generator. WordPress Alike plugin suffers from a cross-site...
WordPress plugin Blocksy cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Blocksy 2.1.6 and previous versions have a cross-site scripting vulnerability, the...
CVE-2025-8621
The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...
WordPress plugin Blogger Buzz cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Blogger Buzz 1.2.6 and previous versions have a cross-site scripting vulnerability, the...
CVE-2025-45316
A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter...
WordPress Flex Guten Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Flex Guten, which stems from insufficient input cleanup and escaping, and can be exploited by an attacke...
CVE-2025-51534
A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute AI OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...