
18 matches found

CVE
added 2026/04/01 9:23 p.m. · 2 views

CVE-2026-34561

CI4MS is a CodeIgniter 4-based CMS skeleton. Before version 0.31.0.0, it fails to sanitize user input in System Settings – Social Media Management; fields such as Social Media and Social Media Link accept attacker-controlled data stored server-side and rendered without proper output encoding. Thi...

8.4 CVSS · 5.8 AI score · 0.00069 EPSS
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2026/04/01 12:0 a.m. · 2 views

WordPress plugin King Addons for Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4 CVSS · 5.6 AI score · 0.00073 EPSS
Exploits 0 · References 11
CVE
added 2026/03/20 7:34 a.m. · 5 views

CVE-2026-33061

CVE-2026-33061 affects Jexactyl (previously named Exactyl), a configurable game management panel and billing system. The issue arises from injecting server-side objects into client-side JavaScript via resources/views/templates/wrapper.blade.php, where unescaped {!! json_encode(...) !!} is used wi...

5.8 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits 1 · References 2 · Affected Software 1
ATTACKERKB
added 2026/02/27 12:0 a.m. · 4 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js (lines 56-60) uses the includes method to verify the originUrl contains...

8.3 CVSS · 5.9 AI score · 0.00021 EPSS
Exploits 1 · References 4
OSV
added 2026/02/06 8:58 p.m. · 2 views

CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

5.4 CVSS · 5.4 AI score · 0.00014 EPSS
Exploits 1 · References 4
ATTACKERKB
added 2026/01/26 7:36 p.m. · 2 views

CVE-2025-11687

A flaw was found in gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page (enabling DOM access, session cookie theft and other client-side attacks) via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...

6.1 CVSS · 6 AI score · 0.00007 EPSS
Exploits 0 · References 4
NVD
added 2026/01/05 10:15 p.m. · 5 views

CVE-2025-65110

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

9.3 CVSS · 0.00026 EPSS
Exploits 1 · References 1
GithubExploit
added 2025/12/25 7:29 p.m. · 128 views

XSSREFLECTOR

XSS Reflector XSS Reflector is an automated tool for...

5.8 AI score
Exploits 0
Tenable Nessus
added 2025/12/19 12:0 a.m. · 3 views

JetBrains TeamCity < 2025.11.0 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.0. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - In JetBrains TeamCity before 2025.11.0, stored XSS was possible via session attribute (CVE-2025-67741) - In JetBrains TeamCity...

7.5 CVSS · 6 AI score · 0.00266 EPSS
Exploits 0 · References 9
GithubExploit
added 2025/12/12 8:7 a.m. · 109 views

vuln_XSS_web

Vulnerable Websites for XSS Testing These are 4 sample websites, each...

6.2 AI score
Exploits 0
Tenable Nessus
added 2025/08/27 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-23913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the...

6.3 CVSS · 6.3 AI score · 0.00207 EPSS
Exploits 0 · References 2
SUSE CVE
added 2025/04/24 11:33 a.m. · 1 views

SUSE CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...

6.3 CVSS · 6.8 AI score · 0.00042 EPSS
Exploits 0 · References 8
RedHat Linux
added 2024/12/03 1:47 a.m. · 0 views

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting (XSS) through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

6.1 CVSS · 7.2 AI score · 0.00149 EPSS
Exploits 0 · References 10
OSV
added 2024/11/19 5:15 p.m. · 0 views

CVE-2024-51938

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows DOM-Based XSS. This issue affects Charity Addon for Elementor: from n/a through 1.3.2...

5.4 CVSS · 7.3 AI score
Exploits 0 · References 1
OSV
added 2023/08/03 10:15 p.m. · 0 views

CVE-2023-30958

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/07/27 12:0 a.m. · 1 views

PT-2022-23695 · Veritas · Veritas Netbackup Opscenter

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup OpsCenter versions 8.x through 8.3.0.2; Veritas NetBackup OpsCenter versions 9.x through 9.0.0.1; Veritas NetBackup OpsCenter versions 9.1.x through 9.1.0.1; Veritas NetBackup OpsCenter version 10. Description: A DOM XSS attack...

5.4 CVSS · 5.2 AI score · 0.00232 EPSS
Exploits 0 · References 3
OSV
added 2022/03/02 12:15 p.m. · 1 views

DEBIAN-CVE-2022-23395

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS)...

6.1 CVSS · 6.6 AI score · 0.00295 EPSS
Exploits 1 · References 1
OSV
added 2021/11/23 8:15 p.m. · 0 views

CVE-2021-24891

The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue...

6.1 CVSS · 6.4 AI score
Exploits 0 · References 2