Cross Site Scripting (XSS)

ckeditor5 is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of malicious content inserted into the editor when specific configurations are enabled such as the HTML embed plugin or custom plugins with editable RawElement views, which allows an attacker to...

EUVD-2025-10653

Malicious code in bioql PyPI...

EUVD-2024-33817

Malicious code in bioql PyPI...

EUVD-2024-33314

Malicious code in bioql PyPI...

EUVD-2025-22980

Malicious code in bioql PyPI...

CVE-2025-9879

The Spotify Embed Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotify' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-58064

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

CVE-2025-58064

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

Cross-site Scripting (XSS)

Overview @ckeditor/ckeditor5-clipboard is a Clipboard integration feature for CKEditor 5. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the viewToPlainText function in the utils/viewtoplaintext.ts file. An attacker can execute unauthorized JavaScript code by...

CVE-2025-58064 CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

CVE-2025-58064 CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

GHSA-X9GP-VJH6-3WV6 CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which...

CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which...

PT-2025-35839

Name of the Vulnerable Software and Affected Versions: ckeditor5 versions 44.2.0 through 45.2.1 ckeditor5 versions 46.0.0 through 46.0.2 ckeditor5-clipboard versions 44.2.0 through 45.2.1 ckeditor5-clipboard versions 46.0.0 through 46.0.2 Description: CKEditor 5 is a modern JavaScript rich-text...

WordPress Porn Videos Embed plugin <= 0.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Porn Videos Embed versions = 0.9.1...

CVE-2025-6692

The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-6692

The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-6692

Summary of CVE-2025-6692 (YouTube Embed – WordPress) The vulnerability affects the YouTube Embed plugin for WordPress (versions up to and including 10.3). It is a Stored Cross-Site Scripting (Stored XSS) flaw in the handling of the “instance” parameter, caused by insufficient input sanitization a...

CVE-2025-6692 YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter

The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

PT-2025-31184 · WordPress · Youtube Embed

Name of the Vulnerable Software and Affected Versions: YouTube Embed plugin for WordPress versions prior to 10.4 Description: The YouTube Embed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the instance parameter. Insufficient input sanitization and output escaping...