Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced.

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...

CVE-2024-35696

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Fahad Mahmood WP Docs allows Reflected XSS.This issue affects WP Docs: from n/a through 2.1.3...

CVE-2025-24644 WordPress WooCommerce PDF Invoices plugin <= 4.7.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels print-invoices-packing-slip-labels-for-woocommerce allows Stored XSS.This issue affects WooCommerce PDF Invoice...

CVE-2024-52487

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webcodingplace Ultimate Classified Listings ultimate-classified-listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through = 1.7...

CVE-2024-52453

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in photonicgnostic Library Bookshelves library-bookshelves allows Reflected XSS.This issue affects Library Bookshelves: from n/a through = 5.8...

CVE-2024-7016 Stored XSS in Smarttek Informatics' Smart Doctor

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Smarttek Informatics Smart Doctor's allows Stored XSS required admin privileges. This issue affects Smart Doctor: through 21.11.2024. NOTE: The vendor was contacted early about this disclosu...

CVE-2024-52471

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in petesheppard84 Extensions for Elementor allows Reflected XSS.This issue affects Extensions for Elementor: from n/a through 2.0.37...

CVE-2023-27609

CVE-2023-27609 : WordPress plugin WP Roles at Registration (

CVE-2024-50540

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in demixpress dp AddThis dp-addthis allows Stored XSS.This issue affects dp AddThis: from n/a through = 1.0.2...

CVE-2024-50517

CVE-2024-50517 affects WordPress ID-SK Toolkit plugin (ID-SK Toolkit) up to version 1.7.2, with a Stored XSS due to improper input neutralization during page generation. Public details across connected sources confirm the vulnerability and affected range (1.7.2 and earlier); no fix version is pro...

CVE-2024-51819 WordPress Tigris Flexplatform plugin <=1.0.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tigrisflexplatform Tigris Flexplatform tigris-flexplatform allows Stored XSS.This issue affects Tigris Flexplatform: from n/a through = 1.0.2...

CVE-2024-51890

CVE-2024-51890 is a stored XSS vulnerability affecting the Geoportail Shortcode plugin for WordPress, with affected versions from n/a through 2.4.4. The issue is described as Improper Neutralization of Input During Web Page Generation. Public sources in connected documents confirm Geoportail Shor...

CVE-2024-51892

CVE-2024-51892 describes a Stored XSS in the WordPress plugin Sell Media File with Stripe (naa986) affecting versions up to 1.0.6. The root cause is improper input neutralization during web page generation . Affected software is listed as from n/a through 1.0.6. Remediation recommended: update to...

CVE-2024-52419

CVE-2024-52419 concerns the WordPress plugin Copy Anything to Clipboard (versions ≤ 4.0.3). The issue is described as an Improper Neutralization of Input During Web Page Generation leading to stored XSS in the plugin. Public sources in the connected documents identify the affected software as the...

CVE-2024-52422

CVE-2024-52422 is a stored XSS in the WordPress plugin WP Githuber MD (WordPress plugin: WP Githuber MD). Affected versions are ≤ 1.16.3. The root cause is improper input neutralization during web page generation, enabling stored cross-site scripting. Public data (Patchstack/RedHat/ENISA) identif...

CVE-2024-51585

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicheaddons Sales Page Addon – Elementor & Beaver Builder sales-page-addon allows Stored XSS.This issue affects Sales Page Addon – Elementor & Beaver Builder: from n/a through = 1.4.5...

CVE-2024-51597

CVE-2024-51597 is a stored XSS vulnerability in WordPress ThemeShark Templates & Widgets for Elementor (themeshark-elementor). The issue arises from improper neutralization of input during web page generation, affecting the plugin versions up to 1.1.7. Public sources consistently describe it as S...

CVE-2024-51699

CVE-2024-51699 is a reflected XSS in the Buooy Sticky Header WordPress plugin (Improper Neutralization of Input During Web Page Generation). Affected: Buooy Sticky Header versions up to 0.5.2 (and earlier/not explicitly fixed by a public patch in the available documents). Impact is reflected XSS,...

CVE-2024-51712 WordPress Jigoshop plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Visser Jigoshop – Store Toolkit jigoshop-store-toolkit allows Reflected XSS.This issue affects Jigoshop – Store Toolkit: from n/a through = 1.4.0...

CVE-2024-51678

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcel Pol Elo Rating Shortcode elo-rating-shortcode allows Stored XSS.This issue affects Elo Rating Shortcode: from n/a through = 1.0.3...