103 matches found
EUVD-2025-204585
Orejime has executable code in HTML attributes...
GHSA-72MH-HGPM-6384 Orejime has executable code in HTML attributes
Impact On HTML elements handled by Orejime, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed ones i.e. data-href into href, thus executing the code. This shouldn't have any...
CVE-2025-68457
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...
CVE-2025-68457 Orejime has executable code in HTML attributes
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...
CVE-2025-68457 Orejime has executable code in HTML attributes
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...
CVE-2025-68457 Orejime has executable code in HTML attributes
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...
PT-2025-52495
Name of the Vulnerable Software and Affected Versions Orejime versions prior to 2.3.2 Description Orejime, a consent manager focusing on accessibility, had a flaw where malicious code could be executed on HTML elements it handled. This occurred because the software, prior to version 2.3.2, would...
CVE-2025-11820
The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...
CVE-2025-11820 Graphina – Elementor Charts and Graphs <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets
The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...
CVE-2025-11841
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and including, 12.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Greenshift plugin <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Chart Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin Greenshift versions = 12.2.7...
CVE-2025-11841
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and including, 12.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11841
CVE-2025-11841 (Greenshift – animation and page builder blocks) affects Greenshift for WordPress up to and including version 12.2.7. The vulnerability is a stored XSS via Chart Data attributes caused by insufficient input sanitization and output escaping. It requires authenticated access at Contr...
CVE-2025-11841 Greenshift – animation and page builder blocks <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and including, 12.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2025-44914
Name of the Vulnerable Software and Affected Versions Greenshift – animation and page builder blocks versions up to and including 12.2.7 Description The Greenshift plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Chart Data attributes. Insufficient input sanitization...
CVE-2025-62659
The CVE-2025-62659 issue affects the MediaWiki CookieConsent extension for Cookie consent management. It is a Cross-Site Scripting (XSS) vulnerability caused by improper handling of reserved data attributes in the Sanitizer::validateAttributes() function, enabling arbitrary scripts to run in a us...
CVE-2025-62659 The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting XSS.This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...
CVE-2025-62659 The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting XSS.This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...
EUVD-2025-28378
Malicious code in bioql PyPI...
EUVD-2025-31038
Malicious code in bioql PyPI...