EUVD-2026-18991

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfoptinform' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

PT-2026-30343

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf optin form' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of...

CVE-2025-12518

beefree.io SDK is vulnerable to Stored XSS in Social Media icon URL parameter in email builder functionality. Malicious attacker can inject arbitrary HTML and JS into template, which will be rendered/executed when visiting preview page. However due to beefree's Content Security Policy not all...

CVE-2025-12518 Stored XSS in beefree.io

beefree.io SDK is vulnerable to Stored XSS in Social Media icon URL parameter in email builder functionality. Malicious attacker can inject arbitrary HTML and JS into template, which will be rendered/executed when visiting preview page. However due to beefree's Content Security Policy not all...

EUVD-2016-1582

Malware in sbrugna...

EUVD-2023-36143

Malicious code in bioql PyPI...

CVE-2023-31853

Cudy LT400 1.13.4 is vulnerable Cross Site Scripting XSS in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...

UBUNTU-CVE-2025-32807

A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png and .svg or .xpm for some configurations via the icon parameter of a GET request to geticon.php...

PT-2025-16015 · Unknown +1 · Fusiondirectory +1

Name of the Vulnerable Software and Affected Versions: FusionDirectory versions prior to 1.5 Description: A path traversal vulnerability in FusionDirectory allows remote attackers to read arbitrary files on the host that end with .png and .svg or .xpm for some configurations via the icon paramete...

WordPress Plugin Essential Addons for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2023-4497 Easy Chat Server XSS vulnerability

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /registresult.htm POST method, in the Icon parameter. The XSS is loaded from /users.ghp...

PT-2023-29324 · Unknown · Easy Chat Server

Name of the Vulnerable Software and Affected Versions: Easy Chat Server versions 3.1 and earlier Description: The issue arises from insufficient encryption of user-controlled inputs, leading to a Cross-Site Scripting XSS vulnerability. This vulnerability is stored via the "/registresult.htm" API...

Chat Server Cross-Site Scripting Vulnerability

Chat Server is ramank775 individual developer's chat server based on microservices architecture, supporting high availability, high throughput, horizontal scaling. A cross-site scripting vulnerability exists in Chat Server version 3.1, which stems from a stored cross-site scripting XSS...

CVE-2023-31853

Cudy LT400 1.13.4 is vulnerable Cross Site Scripting XSS in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...

CVE-2023-31853

Cudy LT400 1.13.4 is vulnerable Cross Site Scripting XSS in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...

CVE-2023-31853

Cudy LT400 1.13.4 is vulnerable Cross Site Scripting XSS in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...

Cross site scripting

Cudy LT400 1.13.4 is vulnerable Cross Site Scripting XSS in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...

Cudy Technology LT400 跨站脚本漏洞

The Cudy Technology LT400 is a wireless router from the Chinese company Cudy Technology. A security vulnerability exists in the Cudy Technology LT400 version 1.13.4, which originates from a security issue in the icon parameter in /cgi-bin/luci/admin/network/bandwidth...

CVE-2023-31853

Cudy LT400 1.13.4 is vulnerable Cross Site Scripting XSS in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...

PT-2023-23491 · Cudy · Cudy Lt400

Name of the Vulnerable Software and Affected Versions: Cudy LT400 version 1.13.4 Description: The issue is related to Cross Site Scripting XSS in the /cgi-bin/luci/admin/network/bandwidth endpoint via the icon parameter. This allows for potential malicious script execution. Recommendations: For...