5053 matches found
phpList < 3.6.16 XSS Vulnerability
phpList is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phplist:phplist"; i...
CVE-2025-44108
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently...
CVE-2025-4126
The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's series shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcodetitle function. This makes it possib...
CVE-2025-44024
Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process...
CVE-2025-43567
Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containin...
Cross-Site Scripting (XSS)
@lumieducation/h5p-server is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the omission of the sanitizeHtml function call for plain text strings, which allows attackers to inject malicious HTML or JavaScript code...
PT-2025-21258
Name of the Vulnerable Software and Affected Versions: EG-Series plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's series shortcode due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-44024
The CVE-2025-44024 entry concerns the Pichome system (v2.1.0 and earlier) with an XSS flaw in the login form caused by insufficient input sanitization. The vulnerable component is the login process where attacker-controlled inputs in the username or password fields can inject malicious JavaScript...
PT-2025-21219 · IBM · IBM WebSphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...
CVE-2025-30315
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...
CVE-2025-30316
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing a low‑privileged attacker to inject malicious JavaScript and have it executed when a user visits the affected page. Root cause is a stored XSS in input/for...
CVE-2025-30314 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...
Cross-site Scripting (XSS)
com.liferay:com.liferay.marketplace.app.manager.web is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization: user-supplied input is not properly escaped in the Marketplace App Manager Web module, allowing injection of JavaScript by unauthenticat...
CVE-2025-28074
phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious...
Cross-site Scripting (XSS)
Overview: phpList/phplist3 is a popular open source newsletter manager. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized...
CVE-2025-28073
phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized...