48 matches found

EUVD
added 2026/03/20 9:31 p.m. · 3 views

EUVD-2025-208909

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message...

AI score: 5.8 · EPSS: 0.00165
Exploits: 1 · References: 3
CVE
added 2026/03/20 12:0 a.m. · 10 views

CVE-2025-63260

SyncFusion 30.1.37 is affected by a Cross-Site Scripting (XSS) vulnerability exposed through the Document-Editor’s reply-to-comment field and the Chat-UI chat messages. The issues are present in the UI components of SyncFusion for version 30.1.37 and are described consistently across Red Hat and ...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.00165
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2026/03/20 12:0 a.m. · 4 views

PT-2026-26666

CVE-2025-63260 SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message. https://t.co/lkPWuPDbql...

AI score: 5.8 · EPSS: 0.00165
Exploits: 1 · References: 4
RedhatCVE
added 2025/10/09 12:14 a.m. · 10 views

CVE-2025-60299

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

CVSS: 5.4 · AI score: 5.4 · EPSS: 0.00195
Exploits: 1 · References: 1
Cvelist
added 2025/10/08 12:0 a.m. · 9 views

CVE-2025-60299

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

EPSS: 0.00195
Exploits: 1 · References: 2
EUVD
added 2025/10/08 12:0 a.m. · 4 views

EUVD-2025-33177

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

CVSS: 5.4 · AI score: 5 · EPSS: 0.00195
Exploits: 1 · References: 3
CVE
added 2025/10/08 12:0 a.m. · 12 views

CVE-2025-60299

CVE-2025-60299 affects Novel-Plus version 5.2.0 with a stored XSS in the /book/addCommentReply endpoint. An authenticated user can inject JavaScript via the replyContent parameter when replying to a book comment; the payload is stored in the database and executes in other users’ browsers viewing ...

CVSS: 5.4 · AI score: 5.1 · EPSS: 0.00195
Exploits: 1 · References: 2 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-35531

Malicious code in bioql PyPI...

CVSS: 7.1 · AI score: 6.5 · EPSS: 0.00223
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-49330

Malicious code in bioql PyPI...

CVSS: 5.9 · AI score: 6.2 · EPSS: 0.00316
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 5:27 a.m. · 2 views

CVE-2023-25051

Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin = 1.4 versions...

CVSS: 8.8 · AI score: 7 · EPSS: 0.00253
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 2:20 a.m. · 7 views

CVE-2023-45008

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin = 1.0.3 versions...

CVSS: 5.9 · AI score: 5.6 · EPSS: 0.00316
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/04 10:14 p.m. · 3 views

CVE-2024-35773

Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS). This issue affects Comment Reply Email: from n/a through 1.3...

CVSS: 7.1 · AI score: 6.6 · EPSS: 0.00223
Exploits: 0 · References: 1
NVD
added 2024/07/12 2:15 p.m. · 16 views

CVE-2024-35773

Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS). This issue affects Comment Reply Email: from n/a through 1.3...

CVSS: 7.1 · EPSS: 0.00223
Exploits: 0 · References: 1
Cvelist
added 2024/07/12 1:31 p.m. · 19 views

CVE-2024-35773 WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS). This issue affects Comment Reply Email: from n/a through 1.3...

CVSS: 7.1 · EPSS: 0.00223
Exploits: 0 · References: 1
CVE
added 2024/07/12 1:31 p.m. · 48 views

CVE-2024-35773

CVE-2024-35773 is a CSRF-to-stored XSS vulnerability in the WPJohnny zerOneIT Comment Reply Email WordPress plugin (Comment Reply Email) affecting version 1.3 and earlier. The issue enables cross-site scripting via the comment reply email flow. Public reports in multiple sources confirm the vulne...

CVSS: 7.1 · AI score: 6.8 · EPSS: 0.00223
Exploits: 0 · References: 1
Vulnrichment
added 2024/07/12 1:31 p.m. · 10 views

CVE-2024-35773 WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS). This issue affects Comment Reply Email: from n/a through 1.3...

CVSS: 7.1 · AI score: 6.6 · EPSS: 0.00223
Exploits: 0 · References: 1
Positive Technologies
added 2024/07/12 12:0 a.m. · 3 views

PT-2024-26728 · Wpjohnny · Comment Reply Email

Name of the Vulnerable Software and Affected Versions: Comment Reply Email versions 1.3 and earlier
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability and also allows Cross-Site Scripting (XSS) in WPJohnny, specifically in the zerOneIT Comment Reply Email...

CVSS: 7.1 · AI score: 6.6 · EPSS: 0.00223
Exploits: 0 · References: 3
Patchstack
added 2024/07/05 1:33 p.m. · 3 views

WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Masamichi Aoki (Patchstack Alliance) in WordPress Plugin Comment Reply Email versions <= 1.3...

CVSS: 7.1 · AI score: 6.2 · EPSS: 0.00223
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/07/05 12:0 a.m. · 7 views

WordPress Comment Reply Email Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software: Comment Reply Email; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: 1.5; OWASP Top 10: A1: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35773; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 8f46fb8fc4c8; Credits: Masamichi Aoki; Required privilege...

CVSS: 7.1 · AI score: 6.6 · EPSS: 0.00223
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/01/17 5:4 p.m. · 5 views

DRUPAL-CORE-2024-001

The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected...

CVSS: 7.5 · AI score: 6.5 · EPSS: 0.00448
Exploits: 0 · References: 1