48 matches found
EUVD-2025-208909
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...
CVE-2025-63260
CVE-2025-63260 affects SyncFusion 30.1.37 . The vulnerability is a Cross Site Scripting (XSS) issue arising in the product’s UI components: the Document-Editor reply to comment field and the Chat-UI chat message . The confirmed impact is XSS, enabling injection of script via user-supplied input i...
PT-2026-26666
CVE-2025-63260 SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message. https://t.co/lkPWuPDbql...
CVE-2025-60299
Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...
EUVD-2025-33177
Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...
CVE-2025-60299
Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...
CVE-2025-60299
CVE-2025-60299 affects Novel-Plus version 5.2.0 with a stored XSS in the /book/addCommentReply endpoint. An authenticated user can inject JavaScript via the replyContent parameter when replying to a book comment; the payload is stored in the database and executes in other users’ browsers viewing ...
EUVD-2024-35531
Malicious code in bioql PyPI...
EUVD-2023-49330
Malicious code in bioql PyPI...
CVE-2023-25051
Cross-Site Request Forgery CSRF vulnerability in Denishua Comment Reply Notification plugin = 1.4 versions...
CVE-2023-45008
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPJohnny Comment Reply Email plugin = 1.0.3 versions...
CVE-2024-35773
Cross-Site Request Forgery CSRF vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting XSS.This issue affects Comment Reply Email: from n/a through 1.3...
CVE-2024-35773
Cross-Site Request Forgery CSRF vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting XSS.This issue affects Comment Reply Email: from n/a through 1.3...
CVE-2024-35773
CVE-2024-35773 is a CSRF-to-stored XSS vulnerability in the WPJohnny zerOneIT Comment Reply Email WordPress plugin (Comment Reply Email) affecting version 1.3 and earlier. The issue enables cross-site scripting via the comment reply email flow. Public reports in multiple sources confirm the vulne...
CVE-2024-35773 WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting XSS.This issue affects Comment Reply Email: from n/a through 1.3...
CVE-2024-35773 WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting XSS.This issue affects Comment Reply Email: from n/a through 1.3...
PT-2024-26728 · Wpjohnny · Comment Reply Email
Name of the Vulnerable Software and Affected Versions: Comment Reply Email versions 1.3 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability and also allows Cross-Site Scripting XSS in WPJohnny, specifically in the zerOneIT Comment Reply Email...
WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Masamichi Aoki Patchstack Alliance in WordPress Plugin Comment Reply Email versions = 1.3...
WordPress Comment Reply Email Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Comment Reply Email Type Plugin Vulnerable versions = 1.3 Fixed in 1.5 OWASP Top 10 A1: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35773 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8f46fb8fc4c8 Credits Masamichi Aoki Required privilege...
DRUPAL-CORE-2024-001
The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service DOS. Sites that do not use the Comment module are not affected...