21 matches found
CVE-2022-37787
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...
EUVD-2017-0008
Malware in sbrugna...
EUVD-2025-12232
Malicious code in bioql PyPI...
EUVD-2023-43702
Malicious code in bioql PyPI...
EUVD-2022-48338
Malicious code in bioql PyPI...
EUVD-2022-40396
Malicious code in bioql PyPI...
CVE-2024-10858
The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com...
CVE-2020-29587
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...
CVE-2015-9299
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS...
BIT-GRAFANA-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
CVE-2025-2703 affects Grafana’s built-in XY Chart plugin through a DOM XSS flaw. The advisory text states that a user with Editor permissions can modify a panel to execute arbitrary JavaScript, indicating that the vulnerability stems from client-side script handling in the chart component and cou...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
PT-2025-17601 · Unknown +1 · Xy Chart Plugin +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The built-in XY Chart plugin is affected by a DOM XSS issue. A user with Editor permissions can modify a panel to execute arbitrary JavaScript. Recommendations: At the moment, there is no...
Grafana -- DOM XSS vulnerability
Grafana Labs reports: An external security researcher responsibly reported a security vulnerability in Grafana’s built-in XY chart plugin that is vulnerable to a DOM XSS vulnerability. The CVSS score for this vulnerability is 6.8 MEDIUM...
CVE-2023-3010
Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability...
CVE-2024-10858
The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com...
CVE-2023-29442
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS...