Mozilla Thunderbird 安全漏洞

Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation in the United States that is separate from the Mozilla Application Suite. The software supports the IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla...

Security Vulnerabilities fixed in Thunderbird 137.0.2 — Mozilla

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...

CVE-2025-27266

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS.This issue affects Hover Image Button: from n/a through = 1.1.2...

CVE-2025-27266

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS.This issue affects Hover Image Button: from n/a through = 1.1.2...

WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Hover Image Button versions = 1.1.2...

CVE-2025-27266

CVE-2025-27266 is a DOM-based XSS in the WordPress plugin Hover Image Button, with vulnerability reported for versions up to 1.1.2 and earlier. The connected documents confirm improper input neutralization during web page generation as the root cause. No explicit fix version is provided in the su...

CVE-2025-27266 WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS.This issue affects Hover Image Button: from n/a through = 1.1.2...

CVE-2025-27266 WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS.This issue affects Hover Image Button: from n/a through = 1.1.2...

WordPress plugin Hover Image Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the display parameter in the device editing interface. PoC " This is triggered by hoveri...

CVE-2025-22585

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Ultimate Image Hover Effects ultimate-image-hover-effects allows DOM-Based XSS.This issue affects Ultimate Image Hover Effects: from n/a through = 1.1.2...

CVE-2025-22585 WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Ultimate Image Hover Effects ultimate-image-hover-effects allows DOM-Based XSS.This issue affects Ultimate Image Hover Effects: from n/a through = 1.1.2...

CVE-2025-22585

CVE-2025-22585 describes an Improper Neutralization of Input During Web Page Generation vulnerability (DOM-based XSS) in the WordPress plugin Ultimate Image Hover Effects . Affected versions are listed as from n/a through 1.1.2. The initial description identifies the vulnerability as a Cross-Site...

CVE-2025-22323

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Image Hover Effects for Elementor image-hover-effects-elementor-addon allows Stored XSS.This issue affects Image Hover Effects for Elementor: from n/a through = 1.0.2.4...

WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Ultimate Image Hover Effects versions = 1.1.2...

CVE-2025-22323

CVE-2025-22323 is a stored cross-site scripting (XSS) vulnerability in the Image Hover Effects for Elementor plugin (Jewel Theme) for WordPress. The issue arises from improper neutralization of input during web page generation, enabling stored XSS on affected pages. Affected software: Image Hover...

CVE-2025-22323 WordPress Image Hover Effects for Elementor plugin <= 1.0.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Image Hover Effects for Elementor image-hover-effects-elementor-addon allows Stored XSS.This issue affects Image Hover Effects for Elementor: from n/a through = 1.0.2.4...

CVE-2025-22323 WordPress Image Hover Effects for Elementor plugin <= 1.0.2.3 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jewel Theme Image Hover Effects for Elementor allows Stored XSS.This issue affects Image Hover Effects for Elementor: from n/a through 1.0.2.3...

PT-2025-4438 · Elementor · Image Hover Effects For Elementor

Name of the Vulnerable Software and Affected Versions: Image Hover Effects for Elementor versions 1.0.2.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means an attacker can inje...

PT-2025-4573 · Themebon · Themebon Ultimate Image Hover Effects

Name of the Vulnerable Software and Affected Versions: themebon Ultimate Image Hover Effects versions 1.1.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS...