19 matches found
EUVD-2026-24644
The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...
CVE-2026-4074
The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Th...
PT-2026-34278
Name of the Vulnerable Software and Affected Versions: Quran Live Multilanguage plugin for WordPress versions prior to 1.0.4 Description: Stored Cross-Site Scripting is possible due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The quran live render...
CVE-2026-1910
The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-1910
WordPress UpMenu plugin
CVE-2026-1910 UpMenu <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute
The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied...
EUVD-2017-8259
Malware in sbrugna...
EUVD-2022-7709
Malicious code in bioql PyPI...
CVE-2020-20589
Cross Site Scripting XSS vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via the lang attribute of an html tag...
GHSA-PWH3-3PCM-6VJH FeehiCMS vulnerable to Cross Site Scripting
Cross Site Scripting XSS vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via the lang attribute of an html tag...
CVE-2020-20589
Cross Site Scripting XSS vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via the lang attribute of an html tag...
PT-2022-8622 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.0.8 Description: A Cross Site Scripting XSS issue allows remote attackers to run arbitrary code via the lang attribute of an HTML tag. This enables attackers to execute malicious scripts on the client-side, potentially...
CVE-2020-20589
The connected documents confirm CVE-2020-20589 affects FeehiCMS 2.0.8 with a Cross-Site Scripting (XSS) flaw in the lang attribute of HTML tags. The vulnerability enables remote attackers to deliver and execute malicious scripts in the victim’s browser (client-side impact). No official patch/vers...
FeehiCMS Cross-Site Scripting Vulnerability
FeehiCMS is a PHP-based CMS builder by Liufee Personal Developer. A security vulnerability exists in FeehiCMS version 2.0.8. An attacker can exploit this vulnerability to execute arbitrary code via the lang attribute of the HTML tag...
CVE-2017-17093
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...
CVE-2017-17093
CVE-2017-17093 affects WordPress prior to 4.9.1, specifically wp-includes/general-template.php where the lang attribute of an HTML element is not properly restricted. This design flaw can enable cross-site scripting (XSS) via the site language setting. The vulnerability is addressed by WordPress ...
CVE-2017-17093
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...
CVE-2017-17093
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...
SQL Injection
dolibarr is susceptible to SQL injection attacks. The attacker can execute arbitrary SQL queries through the style.css.php and translate.class.php files because the library does not filter the lang and defaultlang attributes respectively...