CVE-2019-25744

The CVE-2019-25744 entry concerns WordPress Popup Builder 3.49, which is vulnerable to a persistent cross-site scripting (XSS) flaw. The affected component is the post_title parameter, where an attacker can break out of option tags and craft POST requests to the post.php endpoint with a script pa...

Unity Linux 20.1070a Security Update: tbb (UTSA-2026-021383)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021383 advisory. In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

Google XML Sitemaps <= 4.0.9 - Authenticated Cross-Site Scripting (XSS)

According to the changelog: 4.1.0 2018-12-18 - Fixed security issue related to escaping external URLs - Fixed security issue related to option tags in forms...