3 matches found
CVE-2025-15055 SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-15055
CVE-2025-15055 : WordPress SlimStat Analytics plugin is vulnerable to unauthenticated Stored Cross-Site Scripting via the notes and resource parameters in versions up to 5.3.4. The flaw arises from insufficient input sanitization and output escaping, enabling an attacker to inject script that exe...
CVE-2016-10537
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the ModelEscape function of backbone 0.3.3 and earlier, if a user is...