CVE-2022-50961

CVE-2022-50961 affects WordPress plugin IP2Location Country Blocker (v2.26.7). The stored XSS vulnerability allows authenticated users to inject arbitrary JavaScript via the Frontend Settings page, specifically by injecting scripts in the URL field of the Display page settings. The payload execut...

CVE-2025-41351

The CVE-2025-41351 entry concerns Funambol v30.0.0.20 cloud server vulnerability where the thumbnail display URL exposes weaknesses that permit a Padding Oracle Attack to decrypt and encrypt parameters used to generate ‘self-signed’ access URLs. Affected component/process appears to be the thumbn...

CVE-2018-5227

Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the display url of a configured application link...

Apple iOS Spoofing Vulnerability

Apple iOS is an operating system developed for mobile devices. A security vulnerability exists in Safari on Apple iOS that can be exploited by remote attackers to construct malicious web pages that trick users into parsing a spoofed display URL...