42 matches found
CVE-2022-0205
The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings available to users with a role as low as author before outputting them, leading to a Stored Cross-Site Scripting issue...
CVE-2025-23685
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS. This issue affects RomanCart: from n/a through = 0.0.2...
EUVD-2008-1967
Malware in sbrugna...
EUVD-2014-9184
Malware in sbrugna...
EUVD-2018-19237
Malware in sbrugna...
EUVD-2022-15610
Malicious code in bioql PyPI...
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
ONLYOFFICE Docs (DocumentServer) versions 8.3.1 and below are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-49243 WordPress ShiftNav – Responsive Mobile Menu plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sevenspark ShiftNav – Responsive Mobile Menu shiftnav-responsive-mobile-menu allows Stored XSS. This issue affects ShiftNav – Responsive Mobile Menu: from n/a through <= 1.8...
PT-2025-24092 · Widgetkit · Widgetkit
Name of the Vulnerable Software and Affected Versions: WidgetKit versions through 2.5.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scrip...
CVE-2021-24438
The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'gaaction' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue...
CVE-2021-24316
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue...
CVE-2025-46226
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ferranfg MPL-Publisher mpl-publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through = 2.18.0...
RHEL 7 : python-django (RHSA-2016:1595)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1595 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...
PT-2025-3570 · Jfinaloa · Jfinaloa
Name of the Vulnerable Software and Affected Versions: JFinalOA versions prior to 2025.01.01 Description: A cross-site scripting (XSS) issue in the "/apply/getEditPage?view" interface allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the execution of...
CVE-2025-22802 WordPress Email Templates Customizer YeeMail plugin <= 2.1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail allows Stored XSS. This issue affects Email Templates Customizer for WordPress – Drag And Drop...
PT-2024-38259 · WordPress · The Shield Security Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Shield Security WordPress plugin versions prior to 20.0.6 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This...
PT-2023-29046 · Sscms · Sscms
Name of the Vulnerable Software and Affected Versions: SSCMS version 7.2.2 Description: A cross-site scripting (XSS) issue was found in the Column Management component. This type of issue allows attackers to inject malicious scripts into content from otherwise trusted websites. Recommendations: For...
JSA10428 - 2010-03 Security Bulletin: Pulse Connect Secure (PCS)- Cross site scripting issue on end user edit bookmarks page
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross site scripting issue on the end user edit bookmarks page. This issue was found during external proactive security testing. This vulnerability only affects users that are...
JSA10490 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS): Cross Site Scripting Issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Cross Site Scripting issue found in Secure Meeting web...
SA40211 - [Pulse Secure] Cross site scripting issue (CVE-2016-4790)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been discovered in the Pulse Connect Secure device. This issue exists in a file that is located in the authenticated area of the administrative user...