377 matches found
CVE-2025-12160 Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting
The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2025-198431
The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2025-47713
Name of the Vulnerable Software and Affected Versions Simple User Registration versions up to and including 6.6 Description The Simple User Registration plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the wp...
CVE-2025-40681
Cross-site Scripting XSS vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. This vulnerability can be exploited to steal...
EUVD-2025-84355
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...
CVE-2025-41103
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...
CVE-2025-41103 Multiple vulnerabilities in Fairsketch's RISE CRM Framework
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...
CVE-2025-41103 Multiple vulnerabilities in Fairsketch's RISE CRM Framework
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...
CVE-2025-12264 Wisencode Create Support Ticket create cross site scripting
A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support Ticket Handler. The manipulation of the argument Message results in cross site scripting. The attack may b...
CVE-2025-12264
Wisencode (up to 20251012) contains a cross-site scripting flaw in the Create Support Ticket Handler, specifically the /support-ticket/create endpoint. The issue arises from manipulation of the Message parameter, enabling XSS and potentially enabling remote exploitation. Public advisories consist...
CVE-2025-12264 Wisencode Create Support Ticket create cross site scripting
A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support Ticket Handler. The manipulation of the argument Message results in cross site scripting. The attack may b...
PT-2025-43931
Name of the Vulnerable Software and Affected Versions Wisencode versions prior to 20251013 Description A security flaw exists in Wisencode up to version 20251012. This issue affects an unknown functionality within the Create Support Ticket Handler component, specifically the file...
Wisencode Infotech Wisenshop 代码注入漏洞
Wisencode Infotech Wisenshop is an online shopping platform from India Wisencode Infotech. A code injection vulnerability exists in Wisencode Infotech Wisenshop 20251012 and earlier versions, which stems from an incorrect manipulation of the parameter Message in the file /support-ticket/create,...
CVE-2025-12017
The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
EUVD-2025-35807
The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
CVE-2025-12017 VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting
The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
CVE-2025-12017 VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting
The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
PT-2025-43599
Name of the Vulnerable Software and Affected Versions VNPAY Payment gateway plugin for WordPress versions up to and including 1.0.0 Description The VNPAY Payment gateway plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping...
EUVD-2021-24812
Malware in sbrugna...
EUVD-2006-1688
Malware in sbrugna...