CVE-2025-12125 HTML Forms <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting

The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-12125

CVE-2025-12125 corresponds to a Stored Cross-Site Scripting vulnerability in the WordPress plugin HTML Forms – Simple WordPress Forms Plugin. The issue arises from insufficient input sanitization and output escaping in admin settings, making authenticated attackers with administrator-level permis...

CVE-2025-12125 HTML Forms <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting

The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2018-0780

Malware in sbrugna...

EUVD-2019-9575

Malware in sbrugna...

CVE-2025-54286

Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...

EUVD-2025-12311

Malicious code in bioql PyPI...

EUVD-2025-9467

Malicious code in bioql PyPI...

EUVD-2024-52958

Malicious code in bioql PyPI...

EUVD-2023-55569

Malicious code in bioql PyPI...

PT-2025-40326

Name of the Vulnerable Software and Affected Versions Canonical LXD versions 5.0 and later Description A Cross-Site Request Forgery CSRF issue exists in LXD-UI. This allows an attacker to create and start container instances without user consent by submitting crafted HTML forms that exploit clien...

CVE-2024-6412

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6243

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disabled...

Cross-site Scripting (XSS)

org.graylog2:graylog2-server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insecure input handling due to the ability to inject and submit malicious HTML forms via the Event Definition Remediation Step field, which can result in session cookie theft under specific...

CVE-2025-46236

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through = 1.5.2...

CVE-2025-46236

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2...

CVE-2025-46236

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through = 1.5.2...

CVE-2025-46236

CVE-2025-46236: WordPress HTML Forms plugin (Link Software LLC) contains a stored XSS due to improper input neutralization during web page generation. Affected versions are 1.5.2 and earlier. Public references (NVD/patch sources) confirm the issue and CVSS vectors/score; however, the connected do...

CVE-2025-46236 WordPress HTML Forms <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2...

CVE-2025-46236 WordPress HTML Forms plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through = 1.5.2...