EUVD-2026-19279

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, a reflected DOM-based XSS vulnerability in taillog.js allows an unauthenticated attacker to inject arbitrary HTML into the Pi-hole admin interface...

CVE-2025-62043

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1...

CVE-2026-32361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Editorial Calendar: from n/a through = 3.9.0...

CVE-2025-68538

CVE-2025-68538 affects ThemeGoods Craft craftcoffee (WordPress Theme Craft) with a DOM-Based XSS in the web page generation path due to improper input neutralization. Affected versions are

CVE-2025-68991

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

PT-2025-39053

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Filter Everything affected versions not specified Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, leading to a potential Cross-site Scripting XSS issue...

CVE-2025-30963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows DOM-Based XSS.This issue affects JetSmartFilters: from n/a through = 3.6.3...

CVE-2023-48465

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2023-48454

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

PT-2023-7853 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a Cross-site Scripting DOM-based XSS vulnerability. It can be exploited if a low-privileged attacker convinces a victim to visit a URL referencing a...