31 matches found
CVE-2025-15055
CVE-2025-15055: WordPress SlimStat Analytics plugin is vulnerable to unauthenticated Stored Cross-Site Scripting via the notes and resource parameters in versions up to 5.3.4. The flaw arises from insufficient input sanitization and output escaping, enabling an attacker to inject script that exe...
CVE-2025-15055 SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2026-1766
Name of the Vulnerable Software and Affected Versions: SlimStat Analytics plugin for WordPress versions prior to 5.3.5. Description: The SlimStat Analytics plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the...
EUVD-2011-5106
Malware in sbrugna...
DesDev DedeCMS Injection Vulnerability
DesDev DedeCMS (Dream Weaving Content Management System) is a PHP-based open source content management system (CMS) from China Zhuozhuo DesDev. The system has features such as content publishing, content management, content editing and content retrieval. DesDev DedeCMS 5.7.2 and earlier versions exis...
CVE-2019-14427
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code...
WorkDo CRMGo Cross-Site Scripting Vulnerability
WorkDo CRMGo is a project, accounting, lead, transaction and human resource management tool from WorkDo, Inc. WorkDo CRMGo version 7.2 and prior versions contain a cross-site scripting vulnerability in the notes parameter in the...
CVE-2019-11449
I, Librarian 4.10 has XSS via the notes.php notes parameter...
PT-2019-12314
Name of the Vulnerable Software and Affected Versions: I, Librarian version 4.10. Description: The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the notes parameter in the "notes.php" endpoint. Recommendations: For I, Librarian versio...