257 matches found
CVE-2025-41681
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content...
CVE-2025-41681
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content...
CVE-2025-41681
CVE-2025-41681 is a persistent XSS due to improper neutralization of input, affecting Helmholz REX100 and MB CONNECT LINE mbNET.mini (versions
MB Connect Line mbNET.mini 跨站脚本漏洞
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. A cross-site scripting vulnerability exists in MB CONNECT LINE mbNET.mini, which stems from improper neutralization of...
CVE-2025-49875
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through = 1.9.3.1...
CVE-2025-49875
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through = 1.9.3.1...
CVE-2025-49875
CVE-2025-49875 is a Stored XSS in the WordPress plugin If-So Dynamic Content Personalization (versions up to 1.9.3.1). Public sources confirm impact as Cross Site Scripting via input handling in web page generation. The vulnerability affects the If-So Dynamic Content Personalization plugin; explo...
CVE-2025-49875 WordPress If-So Dynamic Content Personalization plugin <= 1.9.3.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.3.1...
CVE-2025-49875 WordPress If-So Dynamic Content Personalization plugin <= 1.9.3.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through = 1.9.3.1...
WordPress plugin If-So Dynamic Content Personalization cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-30994
Cross-Site Request Forgery CSRF vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Cross Site Request Forgery.This issue affects CubeWP: from n/a through = 1.1.29...
CVE-2025-30994
CubeWP – All-in-One Dynamic Content Framework (CubeWP) has CSRF vulnerability CVE-2025-30994 affecting releases up to 1.1.23. The connected documents do not specify a fixed version or remediation.
CVE-2024-25142
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...
CVE-2024-0251
The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2023-52150
Cross-Site Request Forgery CSRF vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5...
CVE-2023-51492
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1...
CVE-2021-3327
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the posttitle parameter...
PT-2025-21478 · WordPress · If-So Dynamic Content Personalization
Name of the Vulnerable Software and Affected Versions: If-So Dynamic Content Personalization WordPress plugin versions prior to 1.8.0.3 Description: The issue concerns the If-So Dynamic Content Personalization WordPress plugin, where it fails to validate and escape certain shortcode attributes...
CVE-2025-22623
CVE-2025-22623 affects the WordPress plugin Ad Inserter – Ad Manager and AdSense Ads (version 2.8.0 and earlier). The vulnerability arises from the web application generating content without validating the origin of untrusted data in myapp/includes/dst/dst.php, enabling a reflected cross-site scr...
Cross-Site Scripting (XSS)
tarteaucitronjs is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization and improper handling of dynamic content in the getElemWidth and getElemHeight functions, allowing malicious scripts to be injected and executed...