2 matches found
CVE-2025-24344
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request...
WordPress sermon-browser plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sermon-browser is a church sermon plugin used in it. A cross-site scripting vulnerability exists in the WordPress sermon-browser plugi...