142 matches found
PT-2026-24541
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
EUVD-2019-13404
Malware in sbrugna...
EUVD-2019-9208
Malware in sbrugna...
EUVD-2017-1255
Malware in sbrugna...
EUVD-2022-0664
Malicious code in bioql PyPI...
EUVD-2024-36704
Malicious code in bioql PyPI...
EUVD-2023-53195
Malicious code in bioql PyPI...
EUVD-2024-53453
Malicious code in bioql PyPI...
EUVD-2024-53071
Malicious code in bioql PyPI...
EUVD-2023-40437
Malicious code in bioql PyPI...
EUVD-2024-36652
Malicious code in bioql PyPI...
EUVD-2025-24698
Malicious code in bioql PyPI...
EUVD-2022-7581
Malicious code in bioql PyPI...
EUVD-2025-13866
Malicious code in bioql PyPI...
EUVD-2024-31355
Malicious code in bioql PyPI...
CVE-2025-7957 ShortcodeHub <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter
The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘authorlinktarget’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-55709
CVE-2025-55709 is a storage XSS flaw in the Visual Composer Website Builder plugin. The vulnerability arises from improper input neutralization during web page generation, enabling stored XSS in the affected plugin. Evidence from multiple sources indicates the vulnerability affects the Visual Com...
CVE-2025-55672 Apache Superset: Stored XSS on charts metadata
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
CVE-2025-8317
The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-50035
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CyrilG Fyrebox Quizzes fyrebox-shortcode allows Stored XSS.This issue affects Fyrebox Quizzes: from n/a through = 3.1...