CVE-2025-13704 Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter
The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head_class' parameter of the 'autogenmenu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2026-1708
Name of the Vulnerable Software and Affected Versions Autogen Headers Menu plugin for WordPress versions up to and including 1.0.1 Description The Autogen Headers Menu plugin for WordPress is susceptible to Stored Cross-Site Scripting through the head class parameter of the autogen menu shortcode...
CVE-2025-13705
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2025-203222
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13705
CVE-2025-13705 concerns the WordPress plugin Custom Frames (
CVE-2025-13705 Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
PT-2025-51063
The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-34310 IPFire < v2.29 Stored XSS via Quality of Service (QoS) Settings
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters when updating Quality of Service (QoS) settings. When a...
EUVD-2002-2328
Malware in sbrugna...
EUVD-2025-28690
Malicious code in bioql PyPI...
EUVD-2025-12098
Malicious code in bioql PyPI...
EUVD-2024-54945
Malicious code in bioql PyPI...
CVE-2024-51423
Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter...
Infor Global HR Security Vulnerability
Infor Global HR is a software from Infor, Inc. with unified management of global employee data. A security vulnerability exists in Infor Global HR version 11.23.03.00.21 and earlier, which stems from improper handling of the class parameter and could lead to remote code execution...
CVE-2024-51423
CVE-2024-51423 affects Infor Global HR GHR versions 11.23.03.00.21 and earlier. The issue is a Cross Site Scripting vulnerability via the class parameter that could allow a remote attacker to execute arbitrary code. Several sources (Red Hat, NVD, CNNVD, CVE listings) corroborate this, with a CVSS...
PT-2025-35573
Name of the Vulnerable Software and Affected Versions: Infor Global HR GHR versions 11.23.03.00.21 and before Description: A Cross Site Scripting issue exists in Infor Global HR GHR that allows a remote attacker to execute arbitrary code via the class parameter. Recommendations: Update Infor Glob...
CVE-2025-5842
The Modern Design Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...