CVE-2025-48105 WordPress Easy Flash Embed plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vincent Boiardt Easy Flash Embed easy-flash-embed allows Stored XSS.This issue affects Easy Flash Embed: from n/a through = 1.0...

CVE-2025-58863

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...

CVE-2025-58863 WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SdeWijs Zoomify embed for WP zoom-image-shortcode allows Stored XSS.This issue affects Zoomify embed for WP: from n/a through = 1.5.2...

CVE-2025-58863

CVE-2025-58863 relates to a stored XSS in the Zoomify embed for WordPress plugin. Affected software: Zoomify embed for WP, including versions up to and including 1.5.2. The root cause is improper input neutralization during web page generation. Impact is cross-site scripting which can be exploite...

WordPress Zoomify embed for WP Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Zoomify embed for WP versions = 1.5.2...

WordPress plugin Easy Flash Embed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-36202

Name of the Vulnerable Software and Affected Versions: SdeWijs Zoomify embed for WP versions through 1.5.2 Description: The software contains a Stored Cross-site Scripting XSS issue due to improper neutralization of input during web page generation. This allows for the injection of malicious...

WordPress plugin Zoomify embed for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...

PT-2025-36245

Name of the Vulnerable Software and Affected Versions: Easy Flash Embed versions through 1.0 Description: The software contains a cross-site scripting XSS issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks. Recommendations: At the moment,...

CVE-2025-58064

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

Cross-site Scripting (XSS)

Overview @ckeditor/ckeditor5-clipboard is a Clipboard integration feature for CKEditor 5. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the viewToPlainText function in the utils/viewtoplaintext.ts file. An attacker can execute unauthorized JavaScript code by...

CVE-2025-58064 CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

CVE-2025-58064 CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

GHSA-X9GP-VJH6-3WV6 CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which...

CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which...

PT-2025-35839

Name of the Vulnerable Software and Affected Versions: ckeditor5 versions 44.2.0 through 45.2.1 ckeditor5 versions 46.0.0 through 46.0.2 ckeditor5-clipboard versions 44.2.0 through 45.2.1 ckeditor5-clipboard versions 46.0.0 through 46.0.2 Description: CKEditor 5 is a modern JavaScript rich-text...

Linux Distros Unpatched Vulnerability : CVE-2019-1010091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The...

WordPress Easy Flash Embed plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Easy Flash Embed versions = 1.0...

Improper Resource Shutdown Or Release

org.apache.tomcat.embed, tomcat-embed-core is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to improper handling of resource shutdown, which allows an attacker to perform the "made you reset" attack...

Linux Distros Unpatched Vulnerability : CVE-2020-4046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in...