18 matches found
CVE-2025-62951
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...
EUVD-2025-35991
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz Interactive Content – H5P h5p allows Stored XSS.This issue affects Interactive Content – H5P: from n/a through = 1.16.0...
CVE-2025-62951
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...
CVE-2025-62951
CVE-2025-62951 concerns the WordPress plugin “Interactive Content – H5P” (icc0rz) with a stored XSS vulnerability. Public docs confirm the issue as: Improper Neutralization of Input During Web Page Generation, enabling stored XSS, affecting Interactive Content – H5P up to version 1.16.0. Red Hat ...
CVE-2025-62951 WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...
CVE-2025-62951 WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...
WordPress plugin Interactive Content – H5P 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerabilit...
PT-2025-43826
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz Interactive Content – H5P h5p allows Stored XSS.This issue affects Interactive Content – H5P: from n/a through = 1.16.0...
EUVD-2023-56246
Malicious code in bioql PyPI...
CVE-2024-3111
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...
CVE-2024-3111
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...
CVE-2024-3111
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...
CVE-2024-3111 H5P < 1.15.8 - Contributor+ Stored XSS
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...
CVE-2024-3111
CVE-2024-3111 affects Interactive Content (H5P) WordPress plugin pre-1.15.8. The issue: uploads are not validated, allowing Contributors and above to update SVG files, causing Stored XSS. Consequences are web-applicable on sites using affected plugin versions prior to 1.15.8. Remediation: upgrade...
CVE-2023-51534
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...
CVE-2023-51534
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...
CVE-2023-26493 Command Injection in Cocos Engine workflow
Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the web-interface-check.yml was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...