10 matches found
CVE-2026-35055
XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting XSS related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox...
CVE-2026-3347 Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter
The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the arvlbmessage parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This is due to the arvlboptionsval sanitize callback returning...
EUVD-2021-11579
Malware in sbrugna...
EUVD-2025-24051
Malicious code in bioql PyPI...
CVE-2025-7726 The7 <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes
The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via its lightbox rendering code in all versions up to, and including, 12.6.0 due to insufficient input sanitization and output escaping. The themeβs JavaScript reads user-supplied 'title' and 'data-dt-img-description'...
CVE-2025-32176
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through = 3.2.5...
CVE-2025-32176 WordPress Gallery Blocks with Lightbox plugin <= 3.2.5 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GalleryCreator Gallery Blocks with Lightbox allows Stored XSS.This issue affects Gallery Blocks with Lightbox: from n/a through 3.2.5...
CVE-2024-52794 Magnific lightbox susceptible to Cross-site Scripting in Discourse
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2024-52794 Magnific lightbox susceptible to Cross-site Scripting in Discourse
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability...
CVE-2023-5531
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image...