CVE-2025-64191

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through 9.6.1...

CVE-2025-64191 WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through 9.6.1...

PT-2025-52156

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through 9.6.1...

Yellowfin Business Intelligence Yellowfin 安全漏洞

An insecure direct object reference vulnerability exists in versions of Yellowfin prior to 9.6.1, a business intelligence automated analytics, cross-vendor narrative and collaboration software suite. An attacker could exploit the vulnerability by sending a specially crafted HTTP GET request to th...

PT-2021-21266 · Yellowfin · Yellowfin

Name of the Vulnerable Software and Affected Versions: Yellowfin versions prior to 9.6.1 Description: The issue allows enumeration and download of users' profile pictures through an Insecure Direct Object Reference vulnerability. This can be exploited by sending a specially crafted HTTP GET reque...