21 matches found
CVE-2021-22503
Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000...
EUVD-2025-24776
Malicious code in bioql PyPI...
CVE-2025-22872
CVE-2025-22872 involves the HTML tokenizer and related parsing logic where unquoted attribute values ending with a slash (/) are misinterpreted as self-closing tags. This only affects tags in foreign content (e.g., , ) and can cause incorrect DOM scope during parsing when using the Tokenizer dire...
CVE-2024-54335
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ImmoSoft ImmoToolBox Connect immotoolbox-connect allows Reflected XSS.This issue affects ImmoToolBox Connect: from n/a through = 1.3.3...
CVE-2024-51900
CVE-2024-51900 is a stored XSS in the WordPress plugin What Would Seth Godin Do (versions
CVE-2024-52492
CVE-2024-52492 details a Stored Cross-Site Scripting (XSS) flaw in the WordPress plugin Image horizontal reel scroll slideshow (versions
CVE-2024-53759
CVE-2024-53759 refers to a CSRF to Stored Cross‑Site Scripting (XSS) vulnerability in the WordPress plugin “ArCa Payment Gateway” (versions 1.3.1 and earlier). The issue arises from improper input neutralization during web page generation, enabling stored XSS. Affected software is the ArCa Paymen...
CVE-2024-51663
CVE-2024-51663 is an XSS vulnerability in the WordPress plugin Bricksable for Bricks Builder (affected: Bricksable for Bricks Builder,
CVE-2024-51682
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor ht-builder allows Stored XSS.This issue affects HT Builder – WordPress Theme Builder for Elementor: from n/a through = 1.3.0...
CVE-2024-51682
CVE-2024-51682 is a stored XSS in HasThemes HT Builder – WordPress Theme Builder for Elementor (HT Builder) up to version 1.3.0. The vulnerability arises from improper input neutralization during web page generation, allowing stored XSS. Patchstack indicates fixed in 1.3.1; Red Hat/ENISA referenc...
CVE-2024-49651 WordPress WooCommerce Maintenance Mode plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matt Royal WooCommerce Maintenance Mode woocommerce-maintenance-mode allows Reflected XSS.This issue affects WooCommerce Maintenance Mode: from n/a through = 2.0.1...
CVE-2024-50445
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in merkulove Selection Lite selection-lite allows Stored XSS.This issue affects Selection Lite: from n/a through = 1.13...
CVE-2024-48041
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Tooltip Glossary enhanced-tooltipglossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through = 4.3.9...
CVE-2024-47847 Various XSSes found in Cargo
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting XSS.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1...
CVE-2024-43988
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in digitalnature Mystique allows Stored XSS.This issue affects Mystique: from n/a through 2.5.7...
CVE-2024-39626
CVE-2024-39626 affects WordPress Pretty Simple Popup Builder; Stored XSS due to Improper Neutralization of Input During Web Page Generation. Affected: plugin Pretty Simple Popup Builder
CVE-2024-37922
CVE-2024-37922 is a Stored XSS in Leap13 Premium Addons for Elementor (WordPress) affecting Premium Addons for Elementor up to version 4.10.34. The underlying issue is improper neutralization of input during web page generation. A patch exists (update to a version later than 4.10.34); apply the f...
CVE-2024-33640
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2...
CVE-2024-25097
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through 2.8.0...
Improper Neutralization of Input During Web Page Generation in Direct Web Remoting
Cross-site scripting XSS vulnerability in Direct Web Remoting DWR through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...