Lucene search
+L

257 matches found

OSV
OSV
added 2025/07/21 10:15 a.m.4 views

CVE-2025-41681

A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content...

4.8CVSS5.9AI score0.0028EPSS
Exploits1References2
NVD
NVD
added 2025/07/21 10:15 a.m.9 views

CVE-2025-41681

A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content...

4.8CVSS0.0028EPSS
Exploits1References2
CVE
CVE
added 2025/07/21 9:31 a.m.20 views

CVE-2025-41681

CVE-2025-41681 is a persistent XSS due to improper neutralization of input, affecting Helmholz REX100 and MB CONNECT LINE mbNET.mini (versions

4.8CVSS5.7AI score0.0028EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.5 views

MB Connect Line mbNET.mini 跨站脚本漏洞

The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. A cross-site scripting vulnerability exists in MB CONNECT LINE mbNET.mini, which stems from improper neutralization of...

4.8CVSS6.2AI score0.0028EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/19 3:21 p.m.12 views

CVE-2025-49875

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through = 1.9.3.1...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2025/06/17 3:15 p.m.8 views

CVE-2025-49875

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through = 1.9.3.1...

6.5CVSS0.00159EPSS
Exploits0References1
CVE
CVE
added 2025/06/17 3:1 p.m.22 views

CVE-2025-49875

CVE-2025-49875 is a Stored XSS in the WordPress plugin If-So Dynamic Content Personalization (versions up to 1.9.3.1). Public sources confirm impact as Cross Site Scripting via input handling in web page generation. The vulnerability affects the If-So Dynamic Content Personalization plugin; explo...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/17 3:1 p.m.3 views

CVE-2025-49875 WordPress If-So Dynamic Content Personalization plugin <= 1.9.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.3.1...

6.5CVSS6.9AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/17 3:1 p.m.13 views

CVE-2025-49875 WordPress If-So Dynamic Content Personalization plugin <= 1.9.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through = 1.9.3.1...

6.5CVSS0.00159EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.7 views

WordPress plugin If-So Dynamic Content Personalization cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS5.7AI score0.00159EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.5 views

CVE-2025-30994

Cross-Site Request Forgery CSRF vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Cross Site Request Forgery.This issue affects CubeWP: from n/a through = 1.1.29...

4.3CVSS5.9AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 12:54 p.m.39 views

CVE-2025-30994

CubeWP – All-in-One Dynamic Content Framework (CubeWP) has CSRF vulnerability CVE-2025-30994 affecting releases up to 1.1.23. The connected documents do not specify a fixed version or remediation.

4.3CVSS5.9AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:21 a.m.4 views

CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

5.5CVSS6.5AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:24 a.m.11 views

CVE-2024-0251

The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.4AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:24 a.m.7 views

CVE-2023-52150

Cross-Site Request Forgery CSRF vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5...

8.8CVSS8.5AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.8 views

CVE-2023-51492

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1...

6.5CVSS6.7AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:47 p.m.4 views

CVE-2021-3327

Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the posttitle parameter...

5.4CVSS5.9AI score0.00656EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21478 · WordPress · If-So Dynamic Content Personalization

Name of the Vulnerable Software and Affected Versions: If-So Dynamic Content Personalization WordPress plugin versions prior to 1.8.0.3 Description: The issue concerns the If-So Dynamic Content Personalization WordPress plugin, where it fails to validate and escape certain shortcode attributes...

5.4CVSS5.3AI score0.00254EPSS
Exploits1References4
CVE
CVE
added 2025/03/06 5:8 a.m.56 views

CVE-2025-22623

CVE-2025-22623 affects the WordPress plugin Ad Inserter – Ad Manager and AdSense Ads (version 2.8.0 and earlier). The vulnerability arises from the web application generating content without validating the origin of untrusted data in myapp/includes/dst/dst.php, enabling a reflected cross-site scr...

5.1CVSS7.1AI score0.00373EPSS
Exploits0References2
Veracode
Veracode
added 2025/03/04 6:15 a.m.7 views

Cross-Site Scripting (XSS)

tarteaucitronjs is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization and improper handling of dynamic content in the getElemWidth and getElemHeight functions, allowing malicious scripts to be injected and executed...

6.1CVSS6.3AI score0.00296EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder