4108 matches found
CVE-2026-0549
The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'groups_group_info' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-0549 Groups <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode
The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'groups_group_info' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-0549
CVE-2026-0549 affects the WordPress Groups plugin (GroupS) via the groups_group_info shortcode. All versions up to 3.10.0 are vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability is exploitable by authe...
WordPress Groups plugin <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Groups versions <= 3.10.0...
WordPress plugin Groups cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-20625
The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'groups_group_info' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2026-20912
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.8.2. Description: ChurchCRM is an open-source church management system. An authenticated user with permission to edit groups could store a JavaScript payload that would execute when the group was viewed in the Group...
CVE-2026-26270 InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane latest version that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into...
CVE-2026-26270
CVE-2026-26270 affects InvoicePlane. A Stored XSS exists in the Identifier Format field, exploitable by an authenticated user with Invoice Group management permissions. The malicious script runs when users view the invoice list or the dashboard. A fix is available in Version 1.7.1. If your setup ...
GHSA-93FX-G747-695X LibreNMS /port-groups name Stored Cross-Site Scripting
Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...
LibreNMS /port-groups name Stored Cross-Site Scripting
Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...
Cross-site Scripting (XSS)
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the name parameter in the HTTP POST request to /port-groups. An attacker with admin...
LibreNMS /device-groups name Stored Cross-Site Scripting
Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...
Cross-site Scripting (XSS)
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the name parameter in the HTTP POST request to /device-groups. An attacker with admin...
GHSA-5PQF-54QP-32WX LibreNMS /device-groups name Stored Cross-Site Scripting
Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...
CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously. The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash...
PT-2026-20554
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions prior to 1.7.1. Description: InvoicePlane is an open source application used for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) issue exists that allows an authenticated user with the necessary...
PT-2026-20789
Name of the Vulnerable Software and Affected Versions: LibreNMS versions 26.1.1 and below. Description: LibreNMS is a network monitoring tool. A stored cross-site scripting (XSS) issue exists due to insufficient sanitization of the port group name. An attacker with administrator privileges can inject...