CVE-2026-25356

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through 1.6.7...

CVE-2026-25356

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through 1.6.7...

CVE-2026-25356 WordPress Yobazar theme < 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through 1.6.7...

CVE-2026-25356 WordPress Yobazar theme < 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through 1.6.7...

CVE-2025-67997

Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through 1.6.7...

CVE-2025-67997

Travelicious theme (WordPress) ≤ 1.6.6 is affected by a Deserialization of Untrusted Data PHP Object Injection vulnerability due to object deserialization in Travelicious (Travelicious) that allows unauthenticated exploitation. Affected software: Travelicious: from n/a through

PT-2026-21065

Name of the Vulnerable Software and Affected Versions BoldThemes Travelicious versions prior to 1.6.7 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to manipulate serialized data and...

CVE-2021-24539

The Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfilteredhtml capability is disallowed, leading to an...

Typora 跨站脚本漏洞

Typora is an editor. A cross-site scripting vulnerability exists in versions prior to Typora 1.6.7, which stems from the ability to load JavaScript code in the main Typora window by loading typora://app/typemark/updater/update.html in the tag...

OWASP AntiSamy 跨站脚本漏洞

OWASP AntiSamy is a library for HTML and CSS coding from the US-based Owasp Foundation. A security vulnerability exists in OWASP AntiSamy versions prior to 1.6.7, which arises from an output serializer that does not properly encode assumed Cascading Style Sheet CSS content...