20 matches found

ATTACKERKB
added 2026/04/13 9:15 p.m. · 0 views

CVE-2026-6224

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in a sandbox issue. The attack can be...

7.5 CVSS · 5.4 AI score · 0.00056 EPSS
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2026/04/13 12:00 a.m. · 1 views

Nocobase security vulnerability

Nocobase is an open-source low-code platform developed by NocoBase. Versions of Nocobase 2.0.23 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper use of the createSafeConsole function in the...

7.5 CVSS · 7.1 AI score · 0.00056 EPSS
Exploits 0 · References 4
Patchstack
added 2026/01/27 7:17 a.m. · 2 views

WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin Asynchronous Javascript versions <= 1.3.5...

7.1 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2026/01/26 12:00 a.m. · 1 views

Openfire cross-site scripting vulnerabilities

Openfire is a real-time collaboration server developed by Ignite Realtime. Openfire version 4.6.0 contains a cross-site scripting vulnerability. This vulnerability stems from improper handling of the path parameter by the nodejs plugin, which may lead to stored cross-site scripting attacks...

6.4 CVSS · 5.6 AI score · 0.00017 EPSS
Exploits 0 · References 5
RedhatCVE
added 2026/01/22 5:34 p.m. · 2 views

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...

8.5 CVSS · 6 AI score · 0.00136 EPSS
Exploits 1 · References 1
NVD
added 2025/10/18 4:16 a.m. · 1 views

CVE-2020-36854

The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the ajsteps AJAX action along with a lack of sanitization on the settings saved via the function. This makes it...

6.4 CVSS · 0.0003 EPSS
Exploits 0 · References 2
CNNVD
added 2025/10/18 12:00 a.m. · 1 views

WordPress plugin Async JavaScript cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...

6.4 CVSS · 5.9 AI score · 0.0003 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-4803

Malicious code in bioql PyPI...

5.9 CVSS · 6.7 AI score · 0.00349 EPSS
Exploits 0 · References 11
Vulnrichment
added 2025/03/31 12:55 p.m. · 7 views

CVE-2025-31629 WordPress Infusionsoft Web Form JavaScript plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Allred Infusionsoft Web Form JavaScript allows Stored XSS. This issue affects Infusionsoft Web Form JavaScript: from n/a through 1.1.1...

6.5 CVSS · 6.7 AI score · 0.00204 EPSS
Exploits 0 · References 1
CVE
added 2024/07/27 1:51 a.m. · 25 views

CVE-2024-6548

CVE-2024-6548 affects the WordPress plugin Add Admin JavaScript (versions

5.3 CVSS · 5.2 AI score · 0.00746 EPSS
Exploits 0 · References 2
CNNVD
added 2023/03/06 12:00 a.m. · 2 views

Sprymedia Datatables cross-site scripting vulnerability

Sprymedia Datatables is a JavaScript-based plug-in from Sprymedia UK that supports efficient display of data on HTML pages. A security vulnerability exists in Sprymedia DataTables version 1.9.2, which stems from a cross-site scripting (XSS) vulnerability that can be exploited by attackers to execut...

6.1 CVSS · 7.2 AI score · 0.00426 EPSS
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 4:13 a.m. · 1 views

SUSE CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...

5.9 CVSS · 6.7 AI score · 0.00349 EPSS
Exploits 0 · References 3
OSV
added 2022/05/10 8:15 p.m. · 0 views

CVE-2022-1567

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wpjsadmin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6...

6.1 CVSS · 5.8 AI score · 0.00264 EPSS
Exploits 0 · References 3
CNVD
added 2020/07/27 12:00 a.m. · 2 views

WordPress TC Custom JavaScript Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. TC Custom JavaScript is a JavaScript custom editing plugin used in it. A cross-site scripting vulnerability exists in...

6.1 CVSS · 6.3 AI score · 0.00604 EPSS
Exploits 1 · References 1
Prion
added 2020/07/21 6:15 p.m. · 11 views

Cross site scripting

A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

4.3 CVSS · 6 AI score · 0.00604 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2019/04/10 12:29 a.m. · 0 views

UBUNTU-CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...

5.9 CVSS · 6.8 AI score · 0.00349 EPSS
Exploits 0 · References 4
OSV
added 2019/04/10 12:29 a.m. · 1 views

DEBIAN-CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...

5.9 CVSS · 6.6 AI score · 0.00349 EPSS
Exploits 0 · References 1
Positive Technologies
added 2019/04/09 12:00 a.m. · 2 views

PT-2019-12162 · Gradle +1 · Gradle +1

Name of the Vulnerable Software and Affected Versions: Gradle versions 1.4 through 5.3.1. Description: The issue arises from Gradle using an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. This could allow dependency artifacts to be...

5.9 CVSS · 5.8 AI score · 0.00349 EPSS
Exploits 1 · References 21
Positive Technologies
added 2017/08/02 12:00 a.m. · 1 views

PT-2017-15325 · Unknown · Simple Custom Css/Js

Name of the Vulnerable Software and Affected Versions: Simple Custom CSS and JS versions prior to 3.4. Description: A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. Recommendations: For versions prior to 3.4, update to version 3.4 or later to resolve the...

6.1 CVSS · 6 AI score · 0.00534 EPSS
Exploits 0 · References 7
CNVD
added 2017/07/25 12:00 a.m. · 1 views

WordPress Simple Custom CSS and JS Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports setting up a personal blog site on PHP and MySQL servers. Simple Custom CSS and JS is one of the CSS and JS code editing components. A cross-site scripting vulnerabilit...

6.1 CVSS · 5.9 AI score · 0.00534 EPSS
Exploits 0 · References 1