CVE-2025-54172 Stored Cross-Site Scripting in QuickCMS

QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is not able to inject any JS scripts into th...

WordPress plugin Exclusive Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Exclusive Addons For Elementor, which stems from insufficient input cleanup and escaping, and can be exploited by a...